Project Description

In this project, based on a real scenario, I was responsible for designing and implementing a MultiCloud architecture by performing MultiCloud federation of users and groups between Azure Active Directory and OCI IAM.

Multiple users needed to authenticate to both Microsoft Azure and Oracle Cloud Infrastructure with the same login and password (single sign-on) in order to access resources in either cloud.

Once the integration was implemented in Oracle Cloud Infrastructure, OCI IAM groups were mapped to Azure Active Directory groups through the federation service: a federated user signs in with Azure credentials, needs no separate OCI user account, and receives OCI permissions according to the OCI group that their Azure AD group is mapped to.

Requirements

  • Microsoft Azure Account
  • OCI Account

Solution Architecture

Tools & Technology

  • Azure Active Directory
  • OCI IAM

Project Implementation Phases

1 – Azure AD > Usage & Insights > Start a free Premium Trial > Enterprise Mobility + Security E5 > Activate (the Premium license is what allows a group, rather than individual users, to be assigned to the enterprise application in step 7)

2 – OCI Console > Identity & Security > Groups > Administrators

3 – OCI Console > Identity & Security > Federation > Download XML document that describes Oracle Infrastructure endpoint and certificate information

4 – Azure AD > Groups > New Group > Group Name > Administrators > Members > Add members > Select

5 – Azure AD > Enterprise applications > New application > Select Oracle Cloud Infrastructure Console > Create > Single sign-on > Select SAML > Click on Upload metadata file > Select the XML file downloaded from OCI > Add > Enter the OCI Console sign-on URL > Save > Edit the second box (Attributes & Claims) > Unique User Identifier (Name ID) > Choose name identifier format = Persistent > Save > Add a group claim > Security groups > Check "Customize the name of the group claim" > Name = groupName > Save > Click on Overview

6 – Azure AD > Single sign-on > Download the Federation Metadata XML from the third box (SAML Signing Certificate)

7 – Azure AD > Users and groups > Add user > Select Administrators > Select > Assign

8 – Azure AD > Default Directory > Groups > Click on Administrators > Copy the Object ID (this is the value Azure AD sends in the groupName claim, not the group's display name)

9 – OCI Console > Identity & Security > Federation > Add Identity Provider > Name = AzureActiveDirectory > Upload the XML file from Azure > Continue > Identity Provider Group = <Object ID from Azure> and OCI Group = Administrators > Add Provider. Note that mapping to the Administrators group grants tenancy-wide admin rights to every member of the Azure AD group, so membership of that Azure group must be controlled as tightly as the OCI group itself.

10 – Sign out of OCI > Sign in with a federated user > Identity Provider = azureactivedirectory > Continue > Email + password from Azure > Congratulations!
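As an added example (not part of the original project), the following Python script shows what steps 5, 8 and 9 rely on: the SAML assertion that Azure AD sends carries a persistent NameID and a `groupName` attribute whose values are Azure AD group Object IDs, and OCI resolves those IDs against the identity-provider group mappings. The assertion below is constructed, with placeholder tenant, NameID and group IDs; the mapping table and issuer value are assumed. It only parses an already-decoded assertion; signature verification is done by OCI and is not reproduced here.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample assertion (not captured from a real tenant). The tenant ID,
# NameID and group Object IDs are placeholders. Step 5 renamed the group claim
# to "groupName" and set the NameID format to persistent.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" IssueInstant="2024-01-01T00:00:00Z" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-persistent-id</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groupName">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
GROUP_CLAIM = "groupName"  # must match the claim name configured in step 5

# Assumed issuer: Azure AD uses https://sts.windows.net/<tenant-id>/
EXPECTED_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

# Step 9 mapping, Azure AD group Object ID -> OCI group name (hypothetical IDs).
# The second group in the assertion deliberately has no mapping.
IDP_GROUP_MAPPINGS = {
    "11111111-1111-1111-1111-111111111111": "Administrators",
}


def parse_assertion(xml_text):
    """Extract issuer, NameID (value and format) and groupName values."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    groups = []
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == GROUP_CLAIM:
            groups = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "issuer": issuer,
        "name_id": name_id.text,
        "name_id_format": name_id.get("Format"),
        "groups": groups,
    }


def resolve_oci_groups(parsed, mappings, expected_issuer):
    """Apply the identity-provider group mappings; return (oci_groups, problems)."""
    problems = []
    if parsed["issuer"] != expected_issuer:
        problems.append("issuer does not match the federated tenant")
    if parsed["name_id_format"] != PERSISTENT:
        problems.append("NameID format is not persistent")
    oci_groups = []
    for group in parsed["groups"]:
        try:
            uuid.UUID(group)  # Azure sends Object IDs, not display names
        except ValueError:
            problems.append(f"group value {group!r} is not an Object ID")
            continue
        if group in mappings:
            oci_groups.append(mappings[group])
    if not oci_groups:
        # A federated user with no mapped group can sign in but has no permissions.
        problems.append("no mapped OCI group: user would have no permissions")
    return oci_groups, problems


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE_ASSERTION)
    print(resolve_oci_groups(parsed, IDP_GROUP_MAPPINGS, EXPECTED_ISSUER))
```

Run it against an assertion decoded from a browser trace of the step-10 login to confirm that the group claim really carries Object IDs and that the mapping from step 9 resolves to the intended OCI group; an unmapped group is the usual reason a federated login succeeds but the user sees no resources.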