Introduction
Oracle launched its Identity Cloud Service (IDCS) in the fall of 2016. IDCS is designed on Microservice architecture which aligns with Cloud principles of Scalability, Elasticity, Resilience, Ease of Deployment, Functional Agility, Technical Adoption, and Organization Alignment. Moreover, IDCS is intended to provide a set of hybrid identity features to maintain a single identity for each user across on premise and in the cloud services while delivering a seamless user experience.
This post is the first of a multi-part series which will focus on providing insights on common use cases for IDCS. In this post, we will discuss how an integration with IDCS can simplify user authentication and single sign on capabilities for Oracle Eloqua Marketing Cloud Service. This blog post highlights the federation capability of IDCS.
High Level Integration Steps
IDCS – Oracle Eloqua integration can be covered in following steps –
Step 1: Upload users in Oracle IDCS via CSV import.
Step 2: Create users in Oracle Eloqua Marketing Cloud Service.
Step 3: Extract Identity Provider metadata from IDCS and import in Oracle Eloqua Marketing Cloud Service.
Step 4: Extract Service Provider metadata from Oracle Eloqua Marketing Cloud Service and import it into IDCS.
Step 5: Test the login.
In general. these high level steps will remain same for IDCS integration with any other Oracle Cloud Product.
Detailed Steps
The details of the each of the steps are listed below.
Step 1: Upload users in Oracle IDCS via CSV import
a. Create a CSV file -
Sample file to create users in IDCS and Eloqua
b. Login to IDCS.
c. Click on User’s tab.
d. Click on Import button.
e. Click on Browse.
f. Select CSV file created in step a.
g. Click on Import Button.
h. User import completed.
i. Click on Job tab and verify the user import status.
j. Click on user tab and validate the created users.
Step 2: Create users in Oracle Eloqua Marketing Cloud Service
a. Login to Oracle Eloqua Marketing Cloud Service.
b. The Marketing Eloqua Cloud home page looks like below.
c. Click on Contact from Audience tab.
d. Click on Upload button.
e. Select the CSV file.
f. Click on Cloud to upload file.
g. Select the file which contains the users which need to be created in Oracle Eloqua Marketing Cloud Service.
h. Validate the user’s details and click on Next Step.
i. Click on Next Step.
j. Select root folder.
k. Click on Finish.
l. User is created.
Step 3: Extract Identity Provider metadata from IDCS and import in Oracle Marketing cloud
Follow the below steps to extract metadata from IDCS.
a. Login to IDCS.
https://xxxxx.identity.oraclecloud.com/fed/v1/metadata
b. Enter user name and password and click on login.
c. Click on file menu and select Save As
d. Enter name of file and click on Save button
Follow the below the steps to Import metadata to Oracle Eloqua Marketing Cloud Service
a. Login to Oracle Eloqua Marketing Cloud Service: https://login.eloqua.com/
b. Click on setting icon in the upper right corner of screen
c. Click on view users.
d. Click on Single sign on tab then click on Identity Provider Setting.
e. The Identity provider Management dashboard is displayed as below.
f. Click on Upload Identity Provider from Metadata.
g. Enter Name of Identity provider and select the extracted IDCS file.
h. Click on Open.
i. Click on Save Button.
Step 4: Extract Service Provider metadata from Oracle Eloqua Marketing Cloud and import in IDCS
Extract Service Provider metadata from Oracle Eloqua Marketing Cloud
a. Login Oracle Eloqua Marketing Cloud Service using the url à https://login.eloqua.com/
b. Click on settings icon in the upper left corner
c. Click on View Users.
d. Click on Single sign on tab and then click on Identity Provider Setting.
e. Identity provider Management dashboard is displayed as shown below -
f. Click on IDCS Metadata link and note down the following values. Also download signing certificate.
ü logoutRequestUrl
ü partnerProviderId
ü assertionConsumerUrl
g. Click on Single sign on tab and then click on Certificate Setup.
h. Click on Service Provider Certificate for IDCS Metadata.
j. Finish
Importing Oracle Eloqua Marketing Cloud Service SP metadata into IDCS
Currently IDCS does not offer any UI interface for addition of Service Provider metadata or any other similar changes to SAML settings. These functionalities are exposed as REST APIs. Hence any addition or likewise changes can be achieved by using the curl commands or using REST clients.
For example, we can use poster plugin as a rest client for these operations.
Importing a Service Provider metadata to IDCS is two-step process.
a. Obtain access token from OIDCS as admin user.
URL: IDCS token service end point
Headers: Authorization
Operation: POST
Data: admin user, password, scope
Example:
b. Use the above access token to invoke the REST API.
URL: IDCS token service end point
Headers: Authorization
Operation: POST
Data: Details populated with service provider SCIM schema
Step 5: Test the login
a. Login to Oracle Eloqua Marketing Cloud Serviceà https://login.eloqua.com/
b. Click on Sign in with SSO or another account link à Enter Company Name and click on Sign in
c. Page should be redirected to IDCS login page
d. Enter IDCS username and password
e. User is now logged-in to Eloqua marketing cloud successfully!!
Finally follow the below steps to verify the underlying SAML Exchange
a. Behind the scenes, Eloqua service provider sends a signed authentication request to IDCS (which can be seen in SAML tracer plugin in chrome)
b. IDCS Identity Provider sends signed assertion response confirming user’s identity.
Concluding Remarks.
Here we saw how quick it is to on board a cloud application for Federation. The annoyances of the on premise solution, around acquiring hardware, setting up the load balancer, and installation and configuration of components is now talk of the past. The cloud instance is readily available for everyone immediately from day one unlike the on premise solution where we need to spend months in getting the environment up and ready.
Oracle identity Cloud Service provides a comprehensive IAM platform built on modern cloud principles that can be used by organizations to simplify the interaction with business partners and customers.
No comments:
Post a Comment