Oracle IDCS Authentication


Organizations utilizing Oracle Identity Cloud Service (IDCS) can configure ScaleFT to authenticate against IDCS using SAML.

Creating a Team

SAML can only be configured in ScaleFT during signup, so to get started using IDCS authentication, create a new team and choose SAML authentication when prompted.

IDCS Configuration

Once you reach the SAML configuration step in the ScaleFT signup process, you’ll need to add ScaleFT to IDCS.

To add ScaleFT to IDCS, log in to IDCS as an administrator, browse to Applications, click “Add” and choose “SAML Application”. Give the application a name (typically “ScaleFT”) and optionally an icon.

Give the application a Custom Login URL of https://app.scaleft.com/t/<teamName> where <teamName> is the ScaleFT team name you chose during signup.

Leave the other fields blank, then click “Next”.

Add SAML Application: General

On the next page of the Oracle IDCS SAML wizard, enter the following values in the “General” section:

  • Entity ID - use the “Service Provider Entity ID” from the ScaleFT SAML configuration form
  • Assertion Consumer URL - use the “Assertion Consumer Service URL” from the ScaleFT SAML configuration form
  • NameID Format - choose “Persistent”
  • NameID Value - choose “User Name”
  • Signing Certificate - leave this blank

Add SAML Application: Advanced Settings

Under “Advanced Settings” enter the following:

  • Signed SSO - choose “Response”
  • Include Signing Certificate in Signature - leave this unchecked
  • Signature Hashing Algorithm - choose “SHA-256”
  • Enable Single Logout - uncheck this
  • Encrypt Assertion - leave this unchecked

Add SAML Application: Attribute Configuration

Under “Attribute Configuration” add the following User Attributes:

  • Login - Format “Basic”, User Attribute “User Name”
  • Email - Format “Basic”, User Attribute “Primary Email”
  • FirstName - Format “Basic”, User Attribute “First Name”
  • LastName - Format “Basic”, User Attribute “Last Name”

Leave Group Attributes unconfigured.

Now, click “Finish” in the top right of the “Add SAML Application” screen.

IDCS User Assignment

In order to complete ScaleFT signup you will need to log in via IDCS. This means your IDCS application will need to be active and you will need to be assigned to it. To accomplish this:

  1. Click “Activate” in the top right, and click through the confirmation dialog
  2. Choose the “Users” tab on the application configuration in IDCS
  3. Click “Assign Users”
  4. Assign yourself to the application

ScaleFT SSO Configuration

Once you’ve configured ScaleFT in IDCS, you’ll need to enter several values from IDCS in the ScaleFT SAML configuration form.

First, browse to the SSO Configuration tab in IDCS and click “Download Signing Certificate” and “Download Identity Provider Metadata”.

Open the Identity Provider Metadata file in a text editor and use the information it contains to fill the following fields in the ScaleFT SAML Configuration:

  • Identity Provider SSO URL - Look for an element called SingleSignOnService with Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", and use the value of the Location attribute (for example: https://idcs-306a76f5f5324419b1bb5a272188bcec.identity.oraclecloud.com/fed/v1/idp/sso)
  • Identity Provider Entity ID - On the first line of the metadata file, use the entityID attribute of the EntityDescriptor (for example: https://idcs-306a76f5f5324419b1bb5a272188bcec.identity-test.oraclecloud.com/fed)

Next, copy the text of the signing certificate and paste it into the Identity Provider x.509 Certificate field in ScaleFT.
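
The metadata lookup described above can also be scripted. The following is an added example, not code from ScaleFT or Oracle: it reads the HTTP-POST SSO URL and the entityID from the metadata, and checks that the downloaded signing certificate is one the metadata lists. It assumes the metadata carries the signing certificate in a KeyDescriptor element, as SAML metadata commonly does; the function names, the idcs-tenant.example hostname and the certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def b64_fingerprint(b64_text: str) -> str:
    """SHA-256 hex digest of the DER bytes behind base64 text (whitespace ignored)."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_fingerprint(pem: str) -> str:
    """Fingerprint of a downloaded PEM certificate, BEGIN/END lines dropped."""
    return b64_fingerprint("".join(l for l in pem.splitlines() if "-----" not in l))

def read_idp_metadata(xml_bytes: bytes) -> dict:
    """Return the values the ScaleFT form asks for, plus signing cert fingerprints."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("refusing metadata that declares a DTD or entities")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML identity provider metadata")
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == HTTP_POST]
    if len(post) != 1 or not (post[0] or "").startswith("https://"):
        raise ValueError("expected exactly one https HTTP-POST SingleSignOnService")
    prints = [b64_fingerprint(c.text or "")
              for kd in idp.findall("md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")  # no 'use' means any purpose
              for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso_url": post[0], "cert_sha256": prints}

def certificate_matches(meta: dict, pem: str) -> bool:
    """True if the downloaded signing certificate is one the metadata lists."""
    return pem_fingerprint(pem) in meta["cert_sha256"]

# Constructed sample input: hostname and certificate bytes are placeholders.
SAMPLE_B64 = base64.b64encode(b"constructed stand-in for DER certificate bytes").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
 entityID="https://idcs-tenant.example/fed"><md:IDPSSODescriptor>
 <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
 {SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
  Location="https://idcs-tenant.example/fed/v1/idp/redirect"/>
 <md:SingleSignOnService Binding="{HTTP_POST}"
  Location="https://idcs-tenant.example/fed/v1/idp/sso"/>
</md:IDPSSODescriptor></md:EntityDescriptor>""".encode()
```

For a real tenant, pass the bytes of the downloaded metadata file and the text of the downloaded certificate file in place of the samples.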

Attribute Mapping

In this section of the ScaleFT configuration you will need to input the names of the attributes you configured in IDCS:

  • Login
  • Email
  • FirstName
  • LastName

Note: you will need to enter the names of each of these attributes into ScaleFT even if identical helper text already appears in the fields.

Completing Signup

It is a good idea to look over your IDCS configuration before clicking “Authenticate with SAML”. You should see:

  1. A “Deactivate” button in the top right corner of IDCS indicating that the app is active
  2. Email, Login, FirstName and LastName attributes listed under Attribute Configuration
  3. At least yourself listed on the Users tab

Once you’re satisfied with your configuration, click “Authenticate with SAML” in ScaleFT to complete signup.