One thing on my backlog that I’ve finally got round to is configuring identity federation between OCI and Azure AD / Entra ID. My reason for doing this is to provide the ability to log in to the OCI console and administer OCI using an Azure AD / Entra ID account.
This process is well documented – both Microsoft and Oracle provide detailed guidance on how to do this:
- Tutorial: Microsoft Entra SSO integration with Oracle Cloud Infrastructure Console (Microsoft)
- Federating with Microsoft Azure Active Directory (Oracle)
I ran into a couple of small issues, so I thought I’d put together a short video that steps through the end-to-end process for configuring this.
Points to Note:
- I configured a single user account (Lewis) with the ability to authenticate to the OCI console using his Azure AD / Entra ID account. For this to work I also needed to create an account in OCI IAM with a matching username (lewis@brendan-griffin.com).
- I couldn’t complete Step 1 of the Oracle documentation as the federation metadata wasn’t available in the location specified. I was able to obtain it via Identity & Security > Domains > Default (replace with the domain you’d like to configure) > Security > Identity providers > Export SAML metadata.
- In Step 3 of the Oracle documentation you need to enter a sign-on URL. As these are region specific, you’ll need to update it to match your region. In my specific case this URL was https://console.uk-london-1.oraclecloud.com. A full list of regions can be found in Regions and Availability Domains.
- As I was testing with a single user account, I didn’t bother with Group Mappings (step 8).
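Before the exported SAML metadata is uploaded to the Entra ID enterprise application, it is worth checking what it actually contains: the entityID and AssertionConsumerService location are what Entra ID asks for as Identifier and Reply URL, and the signing and HTTPS settings are the ones that keep the assertion from being tampered with in transit. The following is an added example, not code from the post or from Oracle or Microsoft; the metadata document and its host, entityID and certificate value are constructed placeholders, not a real OCI identity domain export.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample of an SP metadata export. The host, entityID and
# certificate value are placeholders, not a real OCI identity domain.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idcs-EXAMPLE.identity.oraclecloud.com:443/fed">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER_BASE64_CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idcs-EXAMPLE.identity.oraclecloud.com:443/fed/v1/sp/sso"
        index="1" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def summarise_sp_metadata(xml_text: str) -> dict:
    """Extract the values Entra ID needs (Identifier, Reply URL) and flag
    weak settings before the file is uploaded to the enterprise app."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    warnings = []
    if sp.get("WantAssertionsSigned") != "true":
        warnings.append("WantAssertionsSigned is not true")
    for _, loc in acs:
        if urlparse(loc).scheme != "https":
            warnings.append(f"non-HTTPS ACS location: {loc}")
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    signing_certs = sp.findall(cert_path, NS)
    if not signing_certs:
        warnings.append("no signing certificate published")
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "nameid_formats": [n.text.strip() for n in sp.findall("md:NameIDFormat", NS)],
        "signing_certs": len(signing_certs),
        "warnings": warnings,
    }
```

Run it against the real export from Identity providers > Export SAML metadata; an empty warnings list and an ACS location on your identity domain are what you want to see before pasting the entityID and ACS URL into Entra ID.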
Here is the video: