Oracle Identity Cloud Service (IDCS) is Oracle’s next-generation security (single sign-on) and identity management platform. It is cloud-native, designed to be part of the enterprise security fabric, and provides modern identity for modern applications.
In this blog, we will walk you through each step of the process, demystifying the complexities involved in establishing a seamless SSO experience across your OCI environments.
Whether you are an IT administrator looking to enhance user accessibility or a security professional aiming to fortify your cloud infrastructure, this step-by-step tutorial is your go-to resource for mastering the art of setting up SSO between multiple OCI tenancies. Let’s embark on this journey together and unlock the full potential of unified access management in the Oracle Cloud.
In this blog, we will cover
- Difference between Single-Tenant & Multi-Tenant
- What is Single Sign-On (SSO)?
- Significance of SSO in OCI
- Conclusion
Difference between Single-Tenant & Multi-Tenant
In a single-tenant model, one instance of the software and its supporting infrastructure serves one client: each client has its own independent database and its own instance of the software.
Benefits & Downsides of single-tenant:
- One client on one server is often hosted on dedicated, secured hardware used by a limited number of people.
- With an entire environment dedicated to one client, resources are bountiful and available anytime.
- Single-tenant typically means more tasks and regular maintenance to keep things running smoothly and systematically.
- Single-tenant typically enables more resources, but at a premium price given that there is only one client for the entire environment.
Multi-tenancy means that a single instance of the software and its supporting infrastructure serves multiple clients. Each client shares the software application and also shares a single database. Each tenant’s data is confined and remains invisible to other tenants.
Potential Benefits & Downsides of multi-tenant:
- Multiple clients mean that the cost for the environment is shared, and those savings are typically transferred to the cost of the software.
- Cloud environments allow for easier integration with other applications through the use of APIs.
- While you do have added integration benefits, custom changes to the database are not typically an option.
- Other tenants cannot see your data, but many users share the same database, and that broader access reduces your control over security.
What is Single Sign-On (SSO)?
Single Sign-On is an authentication process that allows a user to access multiple applications or services with a single set of credentials. In the context of OCI, implementing SSO across multiple tenancies ensures a unified and seamless experience for users navigating various cloud environments.
Step by Step: Set up single sign-on between multiple tenancies using Oracle Identity Cloud service
In this example, we have one parent tenancy that has all user accounts and can log in to any child Oracle Cloud Infrastructure (OCI) tenancy.
Step 1- Register & Log in to the Oracle free Cloud account.
Note: You first need an Oracle Free Cloud Account. If you don’t have one, you can register for FREE using the step-by-step video & guide I covered in episode 30. You can get it by visiting here.
Step 2- Create a user (IDCS) account in the parent tenancy.
1) Open the navigation menu and select Identity & Security, then Domains, then Default Domain, and click Users.
2) Click Create User, select the user type, and fill in all the details.
Step 5- Click Next, then Next again, and Finish. Copy the client ID and client secret and close the window.
- Client ID: <xxxxxxxxxxxxxxxxxxxxxxxxx>
- Client Secret: <xxxxxxxxxxxxxxxxxxxxxx>
Conclusion
Implementing Single Sign-On (SSO) across multiple Oracle Cloud Infrastructure (OCI) tenancies presents a strategic approach to managing user access, enhancing security, and simplifying the authentication process. By consolidating authentication mechanisms and centralizing access control, organizations can significantly improve operational efficiency while fortifying their overall security posture.
FAQs
What is Single Sign-On (SSO) in OCI?
Single Sign-On (SSO) in Oracle Cloud Infrastructure allows users to access multiple tenancies using a single set of credentials, streamlining authentication and access across different environments.
Why should I implement SSO between OCI tenancies?
Implementing SSO between OCI tenancies simplifies user access management, enhances security by centralizing authentication, and improves operational efficiency by reducing the need for multiple sets of credentials.
What are the main components of an SSO setup between OCI tenancies?
The main components for SSO setup include an Identity Provider (IDP), a Service Provider (SP), trust relationships established via exchanged metadata, and configured attribute mappings for user data.
How do I set up an Identity Provider (IDP) in OCI?
You can set up an IDP in OCI by accessing the Identity -> Federation section, creating an Identity Provider, and downloading the IDP metadata necessary for configuring the Service Provider (SP) in another tenancy.
Can I use different identity providers for different OCI tenancies?
Yes, you can use different Identity Providers for different OCI tenancies based on your organizational requirements. Each tenancy can have its own IDP.
What steps are involved in configuring SSO between OCI tenancies?
Configuring SSO between OCI tenancies involves setting up an IDP in one tenancy, configuring a corresponding SP in another tenancy using exchanged metadata, establishing trust relationships, and testing the SSO configuration.
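The trust between tenancies rests on the IdP metadata exported in the Identity -> Federation step and imported into the other tenancy. As an added example (not code from the original post or from Oracle’s tooling), here is a Python check a practitioner can run on that metadata before importing it; the sample document, its entityID, URLs and certificate are constructed placeholders.

```python
"""Sanity-check a SAML 2.0 IdP metadata export before importing it as a federation trust."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample (placeholder entityID, endpoint and certificate), shaped like an IdP export.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idcs-PLACEHOLDER.identity.oraclecloud.com/fed">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idcs-PLACEHOLDER.identity.oraclecloud.com/fed/v1/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text: str) -> dict:
    """Return entity_id, sso_urls and a list of issues; an empty list means the checks passed."""
    root = ET.fromstring(xml_text)
    issues = []
    entity_id = root.get("entityID", "")
    if not entity_id:
        issues.append("missing entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"entity_id": entity_id, "sso_urls": [], "issues": issues + ["no IDPSSODescriptor"]}
    # The signing certificate is what lets the SP tenancy verify assertions from the IdP tenancy.
    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    signing = [kd for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")
               and kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None]
    if not signing:
        issues.append("no signing certificate")
    # Every SSO endpoint should be HTTPS; a plain-HTTP endpoint exposes the SAML exchange in transit.
    sso_urls = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not sso_urls:
        issues.append("no SingleSignOnService endpoint")
    for url in sso_urls:
        if not url.startswith("https://"):
            issues.append(f"non-HTTPS SSO endpoint: {url}")
    # Hardening expectation (an assumption of this example): the IdP should require signed AuthnRequests.
    if idp.get("WantAuthnRequestsSigned", "false").lower() != "true":
        issues.append("WantAuthnRequestsSigned is not true")
    return {"entity_id": entity_id, "sso_urls": sso_urls, "issues": issues}
```

Run against the sample it reports the plain-HTTP endpoint and the unsigned-request setting; fix those two attributes in the export and the check comes back clean.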