Project 4: Oracle Federation Admin user migration
The user migration must be done while keeping Oracle IAM and IDCS integrated for federated users.
Admin sets up federation trust:
Reference : https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/federation.htm
The restricted (least-privilege) policies for the federation admin group would be:
Allow group IdPAdmins to manage identity-providers in tenancy
Allow group IdPAdmins to manage groups in tenancy
OKTA Federation with OCI : https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/okta-federation-with-oci.pdf
Federated user:
Organizations commonly use an identity provider (IdP) to manage user logins and passwords. This authentication mechanism lets them grant user access through single sign-on (SSO).
OCI also allows an IdP to be integrated with Oracle IAM.
Here we are integrating our Oracle IAM users with the Okta IdP.
The OCI admin is expected to federate OCI users with the provided IdP, so that each employee signs in through the company's SSO.
To federate, the admin goes through a short process of building a relationship between OCI and the IdP, known as a federation trust.
As part of building this trust, we create a group in the IdP that corresponds to the group in OCI and then define the group mapping between them.
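An added example (not from the Oracle documentation referenced here) covering the two steps above: it audits a set of OCI policy statements so the IdPAdmins group stays within the two restricted policies, and pairs each IdP group with its same-named OCI group before the mapping is created. It assumes a simplified subset of the policy grammar and uses constructed group lists and placeholder OCIDs.

```python
import re

# Subset of the OCI IAM policy grammar handled here (an assumption for this example):
#   Allow group <group> to <verb> <resource-type> in tenancy|compartment <name>
STMT = re.compile(
    r"^Allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[A-Za-z-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$"
)
# Resource types the federation admin group legitimately needs, per the two restricted policies.
FEDERATION_SCOPE = {"identity-providers", "groups"}

def parse_statement(stmt):
    m = STMT.match(stmt.strip())
    if not m:
        raise ValueError(f"unparseable policy statement: {stmt!r}")
    return m.groupdict()

def audit_idp_admin_policy(statements, admin_group="IdPAdmins"):
    """Flag statements granting the federation admin group anything beyond the federation scope."""
    findings = []
    for stmt in statements:
        p = parse_statement(stmt)
        if p["group"] == admin_group and p["resource"].lower() not in FEDERATION_SCOPE:
            findings.append(f"{admin_group}: '{p['verb']} {p['resource']} in {p['scope']}' exceeds federation scope")
    return findings

def plan_group_mappings(idp_groups, oci_groups):
    """Pair each IdP group with the OCI group of the same name; report IdP groups without a counterpart."""
    oci_by_name = {g["name"]: g["id"] for g in oci_groups}
    mappings = [{"idp_group_name": n, "group_id": oci_by_name[n]} for n in idp_groups if n in oci_by_name]
    unmatched = [n for n in idp_groups if n not in oci_by_name]
    return mappings, unmatched

# Constructed sample input: the two restricted policies plus one over-grant, and group lists from both sides.
SAMPLE_POLICY = [
    "Allow group IdPAdmins to manage identity-providers in tenancy",
    "Allow group IdPAdmins to manage groups in tenancy",
    "Allow group IdPAdmins to manage all-resources in tenancy",  # the over-grant the audit should catch
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
]
IDP_GROUPS = ["IdPAdmins", "NetworkAdmins", "Auditors"]
OCI_GROUPS = [{"name": "IdPAdmins", "id": "ocid1.group.oc1..placeholder1"},
              {"name": "NetworkAdmins", "id": "ocid1.group.oc1..placeholder2"}]  # placeholder OCIDs

if __name__ == "__main__":
    print(audit_idp_admin_policy(SAMPLE_POLICY))
    print(plan_group_mappings(IDP_GROUPS, OCI_GROUPS))
```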
Manage IDCS user and group in OCI : https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/addingidcsusersandgroups.htm
Understanding Admin roles in IDCS : https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/understand-administrator-roles.html#GUID-9B488723-43A1-47B1-ACB0-41FFD780FD5D
Add and remove user from Admin group : https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/add-or-remove-user-account-administrator-role.html#GUID-2ACB1B68-0388-4F76-BEB2-E95F916F517C