Active Directory and Single Sign-On with Oracle Analytics Cloud (OAC)
Becky Wagner, Sr BI Architect
E: bwagner@us-analytics.com T: @Bec_Wagner
October 24th, 2018, Oracle Open World, Marquis Nob Hill C/D
https://www.us-analytics.com/oac-active-directory-single-sign-on
AGENDA
1. OAC Options – Customer Case
2. AD Bridge
3. SAML 2.0 ADFS
4. Direct SSO vs Link
5. Trouble Spots
BECKY WAGNER – WHO AM I?
§ Wife; Mother of 3 (ages 16, 13, and 9);
§ 2nd degree black belt in Tae Kwon Do
§ Red Cross Blood Drive Coordinator
§ ODTUG BI Community Leader
§ Oracle ACE Associate
§ Sr BI Architect at US-Analytics
§ 14 years in IT
§ Email: bwagner@us-analytics.com
§ Twitter: @Bec_Wagner
§ LinkedIn: https://www.linkedin.com/in/rebecca-wagner-bb356924/
§ IRC Channel (Telegram): #obihackers
3 Membership Tiers
• Oracle ACE Director
• Oracle ACE
• Oracle ACE Associate
bit.ly/OracleACEProgram
500+ Technical Experts Helping Peers Globally
Connect: @oracleace, Facebook.com/oracleaces, oracle-ace_ww@oracle.com
Nominate yourself or someone you know: acenomination.oracle.com
Who is US-Analytics? BY THE NUMBERS
• 80+ EPM and BI professionals with 12+ years of experience
• 19+ years in business with continued growth
• >600 clients
• 1,500+ engagements
Sampling of EPM Clients (Project and Support), approx. 100 projects annually: Technology, Energy, Financial, Retail, Healthcare
US-Analytics: Customer Case – Enterprise-worthy OAC
Large Financial Management Customer
• Security is highest priority
• Waited to start the project until AD integration was available
• VPNaaS to Palo Alto NextGen Firewalls
• Private IP ranges
• Access from within the network only
• OAC with IDCS (Identity Cloud)
• Migrating from OBIEE 11g to OAC
• AD integration required (8000+ users, 14000+ groups)
• SSO was highly desirable
AD Bridge
Besides following the tutorial, what you need:
• Must install on a server joined to the AD domain
• A user with rights to install software
• A user with the following AD rights:
  • Read for all users and groups in the domain
  • Read for all OUs
• If you are using an AD user set up specifically for this AD Bridge, the specific permissions can be found here: https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/creating-bridge.html
• Tutorial for AD Bridge: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/idcs_idbridge_obe/idbridge.html
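A pre-flight check for the requirements just listed, as an added example that is not from the slides or from Oracle's documentation. It assumes the RSAT ActiveDirectory module is installed on the candidate bridge host and that CONTOSO\svc-idbridge is a placeholder for the dedicated AD account the bridge will run under; each probe only reads a single object, which is all the bridge needs and all the account should be able to do.

```powershell
# Added example (not from the slides): verify the AD Bridge host and service account before installing.
# Assumptions: RSAT ActiveDirectory module present; 'CONTOSO\svc-idbridge' is a placeholder account name.
Import-Module ActiveDirectory

$bridgeAccount = 'CONTOSO\svc-idbridge'   # placeholder: the AD user created for the bridge
$cred = Get-Credential -UserName $bridgeAccount -Message 'Password for the AD Bridge service account'

function Test-AdBridgePrereqs {
    param([Parameter(Mandatory)][pscredential]$Credential)

    # Requirement 1: the server must be joined to the AD domain
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $checks = [ordered]@{
        DomainJoined = [bool]$cs.PartOfDomain
        Domain       = $cs.Domain
    }

    # Requirement 2: read access to users, groups and OUs. Each probe asks for one object only;
    # a permission problem surfaces as a terminating error, which is recorded as $false.
    $probes = [ordered]@{
        CanReadUsers  = { Get-ADUser               -Filter * -ResultSetSize 1 -Credential $Credential -ErrorAction Stop }
        CanReadGroups = { Get-ADGroup              -Filter * -ResultSetSize 1 -Credential $Credential -ErrorAction Stop }
        CanReadOUs    = { Get-ADOrganizationalUnit -Filter * -ResultSetSize 1 -Credential $Credential -ErrorAction Stop }
    }
    foreach ($name in $probes.Keys) {
        try   { $null = & $probes[$name]; $checks[$name] = $true }
        catch { $checks[$name] = $false; Write-Warning "$name failed: $($_.Exception.Message)" }
    }

    $checks['AllPassed'] = $checks.DomainJoined -and $checks.CanReadUsers -and $checks.CanReadGroups -and $checks.CanReadOUs
    [pscustomobject]$checks
}

# Run on the server you intend to install the bridge on
Test-AdBridgePrereqs -Credential $cred | Format-List
```

If any probe fails, fix the account's read permissions (per the Oracle link above) before running the installer; the installer's own "Test" button exercises the same access and fails in the same way, just later in the process.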
AD Bridge – Roadmap
1. Download from IDCS
2. Install on a domain-joined server
3. Configure users and groups
4. Import in IDCS
5. Verify
*Note: OAC comes with IDCS Foundation. AD Bridge is in IDCS Basic.
AD Bridge – Detailed Steps Part 1
• Browser – in IDCS, navigate to Directory Integration and click Add
• Copy the URL, Client ID and Client Secret
• Click Download
• Click Run, then Next, Next, Next
• Enter the URL, ID and Secret and click Test
• If successful, click Next
• Enter the AD domain user and password and click Test
• If successful, click Next
AD Bridge – Detailed Steps Part 2
• Browser – the IDCS Directory Integration is now partially configured
• Expand the OUs and check the appropriate OU for users
• Repeat for groups
• Click Attribute Mappings; delete all that are not needed, but don't change the rest
• Save, Refresh, Import
• Verify by clicking on the Users tab in the left menu
AD Bridge, Video Walk-Through
https://youtu.be/QbQV-riohVI
AD Bridge – The More You Know
• It becomes a Windows service. Note that this service is running and starts automatically
• Find the AD Bridge Config Utility at C:\Program Files\IDBridge\IDBridgeUI.exe
• Click on View Logs – it is highly important to note the log locations
• Sync has a limit per run; it will continue at the sync frequency until fully synced
• Errors will have details in the logs, like a missing email or some other attribute issue
ADFS & Single Sign-On – SAML 101
Image from https://developers.onelogin.com/assets/img/pages/saml/sso-diagram.svg
ADFS & Single Sign-On – Detailed Steps Part 1
1. Download the ADFS metadata file
   • https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml
   • XML files have tags; if the browser doesn't show them, right-click and view source, then save
2. IDCS Identity Provider setup
   • Add SAML IDP
   • Name, Next, upload FederationMetadata.xml, Requested NameID – Email Address, Next, Finish
   • Don't click Export – use the following URL to download the IDCS metadata XML:
     https://MYTENANT.identity.oraclecloud.com/fed/v1/metadata?adfsmode=true
Tutorial: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/idcs_adfs_obe/adfs.html
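The two metadata downloads above are where the "view source and save" and "don't click Export" problems bite, so here is an added example, not from the slides or from Oracle's tutorial, that fetches both documents and checks that each one is genuine SAML 2.0 metadata of the expected role before anything is uploaded. adfs.contoso.com, MYTENANT and C:\temp are placeholders.

```powershell
# Added example (not from the slides): download the AD FS and IDCS federation metadata and
# validate both before uploading. Placeholders: adfs.contoso.com, MYTENANT, C:\temp.
$adfsMetadataUrl = 'https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml'
$idcsMetadataUrl = 'https://MYTENANT.identity.oraclecloud.com/fed/v1/metadata?adfsmode=true'
$downloadFolder  = 'C:\temp'

function Get-SamlMetadata {
    param([Parameter(Mandatory)][string]$Url,
          [Parameter(Mandatory)][string]$OutFile)

    # Save the bytes exactly as served: re-saving a browser-rendered view can alter whitespace
    # and break the XML signature the document may carry.
    Invoke-WebRequest -Uri $Url -UseBasicParsing -OutFile $OutFile

    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($OutFile)      # throws if the file is an HTML page or otherwise not XML
    $root = $doc.DocumentElement

    # SAML 2.0 metadata has EntityDescriptor (or EntitiesDescriptor) as its root,
    # in the urn:oasis:names:tc:SAML:2.0:metadata namespace.
    if ($root.NamespaceURI -ne 'urn:oasis:names:tc:SAML:2.0:metadata' -or
        $root.LocalName -notin @('EntityDescriptor', 'EntitiesDescriptor')) {
        throw "$Url did not return SAML 2.0 metadata (root element was <$($root.Name)>)"
    }

    $sigNs = 'http://www.w3.org/2000/09/xmldsig#'
    [pscustomobject]@{
        File     = $OutFile
        EntityID = $root.GetAttribute('entityID')
        IdpRoles = $doc.GetElementsByTagName('IDPSSODescriptor', $root.NamespaceURI).Count
        SpRoles  = $doc.GetElementsByTagName('SPSSODescriptor',  $root.NamespaceURI).Count
        Signed   = $doc.GetElementsByTagName('Signature', $sigNs).Count -gt 0
    }
}

# AD FS is the identity provider here, so its document must carry an IDPSSODescriptor;
# IDCS (fetched with adfsmode=true) is what AD FS imports as the service provider.
$adfs = Get-SamlMetadata -Url $adfsMetadataUrl -OutFile (Join-Path $downloadFolder 'FederationMetadata.xml')
$idcs = Get-SamlMetadata -Url $idcsMetadataUrl -OutFile (Join-Path $downloadFolder 'idcs-metadata.xml')

$adfs, $idcs | Format-Table File, EntityID, IdpRoles, SpRoles, Signed -AutoSize

if ($adfs.IdpRoles -lt 1) { Write-Warning 'AD FS metadata has no IDPSSODescriptor; IDCS will not accept it as an IdP.' }
if ($idcs.SpRoles  -lt 1) { Write-Warning 'IDCS metadata has no SPSSODescriptor; confirm the URL used ?adfsmode=true.' }
```

Upload C:\temp\FederationMetadata.xml in the IDCS "Add SAML IDP" wizard and import C:\temp\idcs-metadata.xml into AD FS; the EntityID values printed are the identifiers each side will later show in its trust configuration, which makes mismatches easy to spot.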
ADFS & Single Sign-On – Detailed Steps Part 2
3. In the AD FS management console, add a Relying Party Trust
   • Import Metadata.xml, Next, Name, Next, Next, Next, Next, Finish
   • Add Claim Rules:
     1. Send LDAP Attributes as Claims: Name – Email, Attribute Store – Active Directory, LDAP Attribute – Email Addresses, Outgoing Claim Type – Email Address
     2. Transform an Incoming Claim: Name – Name ID, Incoming claim – Email Address, Outgoing claim – Name ID, Outgoing format – Email
4. IDCS configuration
   • Drop-down – select Activate; drop-down again – select Show on Login Page
   • IDP Policies – click Default and then assign the new ADFS IDP
Tutorial: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/idcs_adfs_obe/adfs.html
ADFS & Single Sign-On, Video Walk-Through
https://youtu.be/FcULyV0mgFs
Removing Local Logins
Oracle Support Doc ID 2438952.1: OAC/OAAC: How To Disable IDCS Chooser Login Page and Get Redirected to Custom SSO Login Page Directly in Oracle Analytics Cloud (OAC)
Once everything has been confirmed working for the SSO link on the login page:
• IDP Policies
  • Remove ADFS from 'Default Identity Provider Policy'
  • Create a new IDP Policy
  • Assign ADFS to the policy
  • Assign the OAC application(s)
• Configure the application for Redirect URL
  • Can be any URL (www.oracle.com); it doesn't actually affect behavior
Removing Local Logins, Video Walk-Through
https://youtu.be/Hg5EKV2nmnM
Trouble Spots and Lessons Learned – Things to be on the lookout for

AD Bridge
• Sometimes the logs stop while IDCS still shows the bridge as Active and the Windows service still shows as running
• The logs path is not in the documentation; use the AD Bridge application and View Logs
• While checking OUs, be sure to expand and check the lower levels (the default now)

ADFS
• Username – Email
• IDCS uses SAML 2.0; for Win 2016 we had to get a different ADFS XML file
• Don't download the Export IDCS metadata; ADFS needs a special format. Get it from the URL: https://DOMAIN.oraclecloud.com/fed/v1/metadata?adfsmode=true

Direct SSO
• Security wants users to be authenticated by AD only
• EM, RPD Admin Tool and WebLogic Console are still direct login – can't use AD users
• Configure IDP Policy
• Sign Out redirects to OAC DV and you are still signed in. Can configure ADFS global sign-out, then the IDCS sign-out URL
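The first AD Bridge trouble spot above (logs stop while IDCS shows Active and the service shows running) and the earlier "The More You Know" notes (it runs as a service, View Logs, errors recorded in the logs) suggest a check that looks at log freshness rather than service state. Here is one as an added example, not from the slides or from Oracle; the service name 'IDBridge' and the log folder are placeholders to be replaced with the values Get-Service and the bridge's View Logs button show on your host.

```powershell
# Added example (not from the slides): AD Bridge health check that treats stale logs as a failure
# even when the Windows service says Running. Placeholders: service name and log folder.
$serviceName   = 'IDBridge'                         # placeholder: confirm with Get-Service on the bridge host
$logFolder     = 'C:\Program Files\IDBridge\logs'   # placeholder: copy the path from the UI's View Logs
$maxLogAgeMins = 60                                 # set longer than the bridge's configured sync frequency

function Test-AdBridgeHealth {
    param([Parameter(Mandatory)][string]$ServiceName,
          [Parameter(Mandatory)][string]$LogFolder,
          [Parameter(Mandatory)][int]$MaxLogAgeMinutes)

    # Service state is what the IDCS console and services.msc report; it is necessary but not sufficient
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $serviceRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    # Log freshness is the signal that actually catches the silent stall described on the slide
    $newest = Get-ChildItem -Path $LogFolder -File -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $logAgeMinutes = if ($newest) { [int]((Get-Date) - $newest.LastWriteTime).TotalMinutes } else { $null }
    $logsStale = ($null -eq $logAgeMinutes) -or ($logAgeMinutes -gt $MaxLogAgeMinutes)

    # Attribute problems (missing email etc.) are written to the same log; surface the last few
    $recentErrors = @()
    if ($newest) {
        $recentErrors = Get-Content -Path $newest.FullName -Tail 500 |
                        Select-String -Pattern 'ERROR|Exception' |
                        Select-Object -Last 5 | ForEach-Object { $_.Line }
    }

    [pscustomobject]@{
        ServiceRunning = $serviceRunning
        NewestLog      = if ($newest) { $newest.FullName } else { $null }
        LogAgeMinutes  = $logAgeMinutes
        LogsStale      = $logsStale
        Healthy        = $serviceRunning -and (-not $logsStale)
        RecentErrors   = $recentErrors
    }
}

$result = Test-AdBridgeHealth -ServiceName $serviceName -LogFolder $logFolder -MaxLogAgeMinutes $maxLogAgeMins
$result | Format-List

if (-not $result.Healthy) {
    Write-Warning ("AD Bridge unhealthy: service running={0}, logs stale={1}. " +
                   "Restart the service and review the newest log for attribute errors.") -f $result.ServiceRunning, $result.LogsStale
    exit 1
}
```

Run it from a scheduled task on the bridge host at roughly the sync interval; a non-zero exit is the alert that the IDCS console will not give you, and the RecentErrors lines point straight at the user or attribute the sync is tripping over.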
11g Migration: User Folder Name Change / Account Rename
RECAP
OAC Options
§ Security sensitive
§ IDCS private IP
§ Allows for AD and SSO integration
AD Bridge
§ Local AD domain-joined server
§ Find your logs
SAML 2.0 ADFS
§ Find your ADFS buddy
§ Claim Rules only worked with Email
Direct SSO or Link
§ Remove IDCS Chooser Page
§ Still need local login for EM, WebLogic Console and RPD Admin Tool
§ Sign Out – redirects to DV
Getting Fancy: HA AD Bridge – Docker style
https://www.oracle.com/technetwork/articles/idm/gutierrez-idcs-idbridge-3960710.html
Questions?
Becky Wagner, Sr BI Architect – E: bwagner@us-analytics.com T: @Bec_Wagner
https://www.us-analytics.com/oac-active-directory-single-sign-on

 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

AD SSO with Oracle Analytics Cloud - Oracle Open World 18

  • 1. Becky Wagner, Sr BI Architect E: bwagner@us-analytics.com T: @Bec_Wagner Active Directory and Single Sign-On with Oracle Analytics Cloud (OAC) October 24th, 2018 Oracle Open World Marquis Nob Hill C/D https://www.us-analytics.com/oac-active-directory-single-sign-on
  • 2. AGENDA
    1. OAC Options – Customer Case
    2. AD Bridge
    3. SAML 2.0 ADFS
    4. Direct SSO vs Link
    5. Trouble Spots
  • 3. 3 BECKY WAGNER WHO AM I? § Wife; Mother of 3 (ages 16, 13, and 9); § 2nd degree black belt in Tae Kwon Do § Red Cross Blood Drive Coordinator § ODTUG BI Community Leader § Oracle ACE Associate § Sr BI Architect at US-Analytics § 14 years in IT § Email: bwagner@us-analytics.com § Twitter: @Bec_Wagner § LinkedIn: https://www.linkedin.com/in/rebecca-wagner-bb356924/ § IRC Channel (Telegram): #obihackers
  • 6. Oracle ACE Program: 3 Membership Tiers (Oracle ACE Director, Oracle ACE, Oracle ACE Associate). 500+ Technical Experts Helping Peers Globally. bit.ly/OracleACEProgram. Nominate yourself or someone you know: acenomination.oracle.com. Connect: @oracleace, Facebook.com/oracleaces, oracle-ace_ww@oracle.com
  • 7. Who is US-Analytics? BY THE NUMBERS: 80+ EPM and BI professionals with 12+ years of experience; 19+ years in business with continued growth; >600 clients with 1,500+ engagements.
  • 8. Sampling of EPM Clients (Project and Support): Technology, Energy, Financial, Retail, Healthcare. Approx. 100 Projects Annually.
  • 10. US-Analytics: Customer Case – Enterprise worthy OAC. Large Financial Management Customer
    • Security is highest priority
    • Waited to start Project until AD integration
    • VPNaaS to Palo Alto NextGen Firewalls
    • Private IP Ranges
    • Access from within network only
    • OAC with IDCS (Identity Cloud)
    • Migrating from OBIEE 11g to OAC
    • AD integration required (8000+ users, 14000+ groups)
    • SSO was highly desirable
  • 12. AD Bridge. Besides following the tutorial, what you need:
    • Must install on a server joined to the AD Domain
    • A user with rights to install software
    • A user with the following AD rights:
      • Read for all users and groups in the domain
      • Read for all OUs
    • If you are using an AD user specifically set up for this AD Bridge, the specific permissions can be found here: https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/creating-bridge.html
    • Tutorial for AD Bridge: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/idcs_idbridge_obe/idbridge.html
  • 13. AD Bridge – Roadmap
    1. Download from IDCS
    2. Install on domain-joined server
    3. Configure users and groups
    4. Import in IDCS
    5. Verify
    *Note: OAC comes with IDCS Foundation. AD Bridge is in IDCS Basic.
  • 14. AD Bridge – Detailed Steps Part 1 (timestamps refer to the video walk-through on slide 16)
    • Browser – in IDCS, navigate to Directory Integration and click Add (1:07)
    • Copy the URL, Client ID and Client Secret (1:15)
    • Click Download (1:52)
    • Click Run and Next, Next, Next (1:55)
    • Enter the URL, ID and Secret and Test (2:12)
    • If successful, click Next (2:21)
    • Enter AD Domain User and Password and Test (2:27)
    • If successful, click Next (2:31)
  • 15. AD Bridge – Detailed Steps Part 2
    • Browser – IDCS Directory Integration is now partially configured (3:07)
    • Expand OUs and check the appropriate OU for Users (3:17)
    • Repeat for groups (3:25)
    • Click Attribute Mappings, delete all that are not needed, don't change the rest (3:32)
    • Save, Refresh, Import (4:17)
    • Verify by clicking on the Users tab in the left menu (5:01)
  • 16. 16 AD Bridge, Video Walk-Through https://youtu.be/QbQV-riohVI
  • 17. AD Bridge – The More You Know
    • Becomes a service. Note that this service is running and starts automatically
    • Find the AD Bridge Config Utility in C:\Program Files\IDBridge\IDBridgeUI.exe
    • Click on View Logs – highly important to note the log locations
    • Sync has a limit; it will continue at the configured frequency until fully synced
    • Errors will have details in the logs, like a missing email or some other attribute issue
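  The prerequisites on slide 12 and the sync errors on slide 17 can both be checked before the bridge is installed. The PowerShell below is an added example, not code from the deck or from Oracle: it confirms the host is domain-joined, proves the bridge account can read the OUs to be synced (as that account, not as the logged-in admin), lists enabled users with no mail attribute, and checks the bridge service. It assumes the RSAT ActiveDirectory module is installed; the account name, OU paths and the service display name pattern are placeholders.

```powershell
# Added example (not from the original deck): pre-flight checks for the
# AD Bridge host and service account described on slides 12 and 17.
# Assumes RSAT's ActiveDirectory module is installed on the domain-joined server.
Import-Module ActiveDirectory

# Placeholders: the bridge's read-only AD account and the OUs you will tick
# in IDCS Directory Integration (slide 15).
$BridgeAccount = 'CONTOSO\svc-idbridge'
$SyncOUs = @('OU=Users,DC=contoso,DC=com', 'OU=Groups,DC=contoso,DC=com')

# 1. The installer only works on a domain-joined server.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "$($cs.Name) is not joined to a domain" }
"Host $($cs.Name) is joined to $($cs.Domain)"

# 2. The bridge account needs read on all users, groups and OUs, nothing more.
#    Prove read works *as that account* rather than as the logged-in admin.
$cred = Get-Credential -UserName $BridgeAccount -Message 'AD Bridge service account'
foreach ($ou in $SyncOUs) {
    $null   = Get-ADOrganizationalUnit -Identity $ou -Credential $cred
    $users  = @(Get-ADUser  -SearchBase $ou -Filter * -Credential $cred -ResultSetSize 1)
    $groups = @(Get-ADGroup -SearchBase $ou -Filter * -Credential $cred -ResultSetSize 1)
    "Read OK for $ou (sampled users: $($users.Count), groups: $($groups.Count))"
}
# A service account that is a Domain Admin would also "pass"; check that it is not.
$sam = ($BridgeAccount -split '\\')[-1]
if (Get-ADGroupMember -Identity 'Domain Admins' -Recursive | Where-Object SamAccountName -eq $sam) {
    Write-Warning "$BridgeAccount is a Domain Admin; a read-only account is all the bridge needs"
}

# 3. Sync errors on slide 17 are mostly attribute problems (missing email).
#    Find them before the import instead of in the bridge logs afterwards.
function Get-UsersMissingMail {
    param([string[]]$SearchBase)
    foreach ($ou in $SearchBase) {
        Get-ADUser -SearchBase $ou -Filter { Enabled -eq $true } -Properties mail |
            Where-Object { [string]::IsNullOrWhiteSpace($_.mail) } |
            Select-Object SamAccountName, DistinguishedName
    }
}
$missing = @(Get-UsersMissingMail -SearchBase $SyncOUs)
"$($missing.Count) enabled users without a mail attribute (these will fail to sync)"
$missing | Format-Table -AutoSize

# 4. After install the bridge runs as a Windows service; confirm it is running
#    and set to start automatically (service display name assumed to contain "Bridge").
Get-Service | Where-Object { $_.DisplayName -like '*Bridge*' } |
    Select-Object Name, Status, StartType
```

  Run it on the server you intend to install the bridge on, before clicking Download on slide 14; the Domain Admin check matters because the Client Secret and the AD credential both end up stored on that server.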
  • 19. 19 ADFS & Single Sign-On – SAML 101 Img from - https://developers.onelogin.com/assets/img/pages/saml/sso-diagram.svg
  • 20. ADFS & Single Sign-On – Detailed Steps Part 1 (timestamps refer to the video walk-through on slide 22)
    1. Download the ADFS metadata file (0:23)
      • https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml
      • XML files have tags; if the browser doesn't show them, right-click and View Source, then save
    2. IDCS Identity Provider setup (1:40)
      • Add SAML IDP
      • Name, Next, upload FederationMetadata.xml, Requested NameID – Email Address, Next, Finish
      • Don't click Export – use the following URL to download the IDCS metadata XML in the format ADFS needs:
      • https://MYTENANT.identity.oraclecloud.com/fed/v1/metadata?adfsmode=true
    Tutorial: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/idcs_adfs_obe/adfs.html
  • 21. ADFS & Single Sign-On – Detailed Steps Part 2
    3. In the AD FS management console add a Relying Party Trust (2:43)
      • Import Metadata.xml, Next, Name, Next Next Next Next, Finish
      • Add Claim Rules:
        1. Send LDAP Attributes as Claims: Name – Email, Attribute Store – Active Directory, LDAP Attribute – E-Mail-Addresses, Outgoing Claim Type – E-Mail Address
        2. Transform an Incoming Claim: Name – Name ID, Incoming claim type – E-Mail Address, Outgoing claim type – Name ID, Outgoing name ID format – Email
    4. IDCS configuration (4:20)
      • Drop down – select Activate; drop down again – select Show on Login Page
      • IDP Policies – click Default and then assign the new ADFS identity provider
    Tutorial: https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/idcs_adfs_obe/adfs.html
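  Steps 1 and 3 on slides 20 and 21 can be scripted on the AD FS server, which also gives you a place to sanity-check both metadata files before anyone trusts them. The PowerShell below is an added example, not code from the deck or from Oracle or Microsoft: it downloads the AD FS and IDCS (adfsmode) metadata, verifies each parses as SAML metadata and carries a signing certificate that is not about to expire, then creates the relying party trust with the same two claim rules the deck adds through the wizard. The hostnames are the placeholders used on slide 20; the trust name is an assumption.

```powershell
# Added example (not from the original deck): fetch both federation metadata
# files, sanity-check them, and create the IDCS relying party trust in AD FS
# with the two claim rules from slides 20-21. Run on the AD FS server as an
# AD FS administrator. Hostnames are the placeholders from slide 20.
Import-Module ADFS

$AdfsHost   = 'adfs.contoso.com'                     # placeholder from slide 20
$IdcsTenant = 'MYTENANT.identity.oraclecloud.com'    # placeholder from slide 20
$Work       = Join-Path $env:TEMP 'idcs-federation'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# 1. AD FS metadata: this is the file you upload into IDCS (Add SAML IDP).
$AdfsMetadata = Join-Path $Work 'FederationMetadata.xml'
Invoke-WebRequest -Uri "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml" `
                  -OutFile $AdfsMetadata -UseBasicParsing

# 2. IDCS metadata in AD FS format (the ?adfsmode=true URL, not the Export button).
$IdcsMetadata = Join-Path $Work 'idcs-metadata.xml'
Invoke-WebRequest -Uri "https://$IdcsTenant/fed/v1/metadata?adfsmode=true" `
                  -OutFile $IdcsMetadata -UseBasicParsing

# Sanity checks before trusting either file: it must parse as SAML metadata and
# its signing certificate must not be expired or close to it (a certificate that
# rolls over in metadata is a common reason SSO stops working months later).
function Test-SamlMetadata {
    param([Parameter(Mandatory)][string]$Path)
    [xml]$md = Get-Content -Path $Path -Raw
    if ($md.DocumentElement.LocalName -ne 'EntityDescriptor') {
        throw "$Path is not SAML metadata (root element is $($md.DocumentElement.LocalName))"
    }
    # PowerShell's XML adapter ignores namespace prefixes, so the same walk works
    # for the AD FS (IDPSSODescriptor) and IDCS (SPSSODescriptor) documents.
    $descriptor = if ($md.EntityDescriptor.SPSSODescriptor) { $md.EntityDescriptor.SPSSODescriptor }
                  else { $md.EntityDescriptor.IDPSSODescriptor }
    $signing = @($descriptor.KeyDescriptor) |
        Where-Object { -not $_.use -or $_.use -eq 'signing' } | Select-Object -First 1
    if (-not $signing) { throw "$Path has no signing KeyDescriptor" }
    $b64  = ($signing.KeyInfo.X509Data.X509Certificate -replace '\s', '')
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($b64))
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "$Path signing certificate expires $($cert.NotAfter)"
    }
    [pscustomobject]@{ EntityId = $md.EntityDescriptor.entityID; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
}
Test-SamlMetadata -Path $AdfsMetadata
Test-SamlMetadata -Path $IdcsMetadata

# 3. Relying Party Trust with the two claim rules from slide 21:
#    (a) Send LDAP Attributes as Claims: AD "mail" -> E-Mail Address
#    (b) Transform an Incoming Claim: E-Mail Address -> Name ID, format Email
$IssuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization: the deck accepts the wizard default (permit everyone).
$AuthzRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

Add-AdfsRelyingPartyTrust -Name 'Oracle Identity Cloud Service' `
    -MetadataFile $IdcsMetadata `
    -IssuanceTransformRules $IssuanceRules `
    -IssuanceAuthorizationRules $AuthzRules

# Verify what AD FS will actually emit for this trust.
Get-AdfsRelyingPartyTrust -Name 'Oracle Identity Cloud Service' |
    Select-Object Name, Identifier, SignatureAlgorithm, IssuanceTransformRules
```

  The two rules are exactly what the wizard writes for "Send LDAP Attributes as Claims" with E-Mail-Addresses and "Transform an Incoming Claim" to Name ID with the Email format, which is the combination the deck reports as the only one that worked; if a user has no mail attribute in AD the first rule emits nothing and the assertion reaches IDCS without a NameID, which is the same failure the AD Bridge logs report as a missing email.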
  • 22. 22 ADFS & Single Sign-On, Video Walk-Through https://youtu.be/FcULyV0mgFs
  • 24. Removing Local Logins. Oracle Support Doc ID 2438952.1: OAC/OAAC: How To Disable IDCS Chooser Login Page and Get Redirected to Custom SSO Login Page Directly in Oracle Analytics Cloud (OAC). Once everything has been confirmed working with the SSO link on the login page (timestamps refer to the video walk-through on slide 25):
    • IDP Policies (0:12)
      • Remove ADFS from the 'Default Identity Provider Policy'
      • Create a new IDP Policy
      • Assign ADFS to the policy
    • Assign the OAC application(s) to the policy (0:26)
    • Configure the application for Redirect URL (1:05)
      • Can be any URL (www.oracle.com); it doesn't actually affect behavior
    Before taking this step, make sure an IDCS administrator account that is not federated through ADFS can still sign in (the IDCS admin console, not OAC), so that an ADFS outage or a bad claim rule does not lock you out of the identity provider policy you need to revert.
  • 25. 25 Removing Local Logins, Video Walk-Through https://youtu.be/Hg5EKV2nmnM
  • 27. Trouble Spots and Lessons Learned – things to be on the lookout for
    AD Bridge:
    • Sometimes logs stop while IDCS still shows the bridge as Active and the Windows service shows running
    • Log path is not in the documentation; use the AD Bridge application and View Logs
    • While checking OUs, be sure to expand and check the lower levels (this is the default now)
    • Username – Email
    ADFS:
    • IDCS uses SAML 2.0; for Windows Server 2016 we had to get a different ADFS XML file
    • Don't download the Export IDCS metadata. ADFS needs a special format, which you can get from the URL: https://DOMAIN.oraclecloud.com/fed/v1/metadata?adfsmode=true
    Direct SSO:
    • Security wants users to be authenticated by AD only
    • EM, RPD Admin Tool and the WebLogic Console are still direct login – they can't use AD users
    • Configure the IDP Policy
    • Sign Out redirects to OAC DV with the user still signed in, because the ADFS session outlives the OAC sign-out. Can configure ADFS global sign-out followed by the IDCS sign-out URL
  • 28. 11g Migration: user folder name change; account rename
  • 29. RECAP
    OAC Options:
    § Security sensitive
    § IDCS private IP
    § Allows for AD and SSO integration
    AD Bridge:
    § Local AD domain-joined server
    § Find your logs
    SAML 2.0 ADFS:
    § Find your ADFS buddy
    § Sign Out – redirects to DV
    § Claim Rules only worked with Email
    Direct SSO or Link:
    § Remove IDCS Chooser Page
    § Still need local login for EM, WebLogic Console and RPD Admin Tool
    Getting Fancy: HA AD Bridge – Docker style: https://www.oracle.com/technetwork/articles/idm/gutierrez-idcs-idbridge-3960710.html
  • 30. Becky Wagner, Sr BI Architect E: bwagner@us-analytics.com T: @Bec_Wagner Questions? October 24th, 2018 Marquis Nob Hill C/DOracle Open World https://www.us-analytics.com/oac-active-directory-single-sign-on