Connect Oracle SAML

Learn how to configure a new Oracle SAML SSO Connection

Introduction

Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create an Oracle SAML Connection, you'll need the Identity Provider Metadata URL that is available from your Enterprise customer's Oracle SAML instance.

WorkOS Provides

WorkOS provides the ACS URL and the SP Entity ID. They are readily available in your Connection's Settings in the WorkOS Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to. The SP Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion.

Overview

And then, you provide the IdP Metadata URL.

Normally, this will come from your Enterprise customer's IT Management team when they set up your application's SAML configuration in their Oracle instance. But, should that not be the case during your setup, here's how to obtain it.

1

Configure SAML Application with Service Provider Details

Follow the Oracle Cloud documentation to create a new SAML application.

Copy and paste the ACS URL and SP Entity ID into the corresponding fields for Service Provider details and configuration.

In the Advanced Settings of the SSO Configuration page, ensure that you select Signed SSO for Assertion and Response, and Include Signing Certificate in Signature.

2

Configure SAML Attributes

Expand the Attribute Configuration section on the SSO Configuration page and add the following 4 required attributes: firstName, lastName, email, and id.

Ensure the following attribute mapping is set:

  • A user's first name -> firstName
  • A user's last name -> lastName
  • A user's email address -> email
  • A unique identifier representing a user -> id
3

Obtain Identity Provider Metadata

Obtain the IdP Metadata URL following the instructions from Oracle.

NOTE: Alternatively, you can manually configure the connection by providing the IdP URI (Entity ID), IdP SSO URL and X.509 Certificate.

Your Connection will then be Active and good to go!