Oracle EBS SSO Integration with IDCS: Mystery Demystified

Oracle E-Business Suite is a widely used application by thousands of customers. Oracle EBS SSO is highly recommended for Improved Oracle EBS Security and delivering a transparent, better user experience. SSO is one of the mandatory requirements for IT Security Audits in Oracle E-Business Suite.

Traditional Approach

Oracle EBS SSO is traditionally enabled with Oracle Access Manager (OAM) and either Oracle Internet Directory (OID) or Oracle Unified Directory (OUD) which is what Oracle recommends for EBS SSO. The diagram below shows a summary of this approach as described in this Oracle Note.

This is a standard, Oracle certified approach which is complex and involves multiple components. For SSO you need to deploy Access Manager, a Directory (OID or OUD), a WebGate, an AccessGate, and integrate each one of these with EBS. Both EBS 11i and 12.x require all these components. Traditional SSO Implementation challenges of procuring SSO software and hardware create longer implementation cycles and run-time issues such as production SSO outages. All of these additional components also need to go through the maintenance cycle of patching, upgrading, and more. And not to forget this also requires configuration changes and scripts to be run at EBS level as well. For some customers, this additional complexity has led to not implementing SSO, resulting in the user experience suffering.

New Cloud Approach

The good news is, there is now a simpler option available which will still enable that streamlined user experience you require, without the need to deploy and manage all the above components, and without the need to make significant configuration changes within EBS, such as configuring the integration with OID or OUD.

This can be achieved using the Oracle Identity Cloud Service which is Oracle’s cloud-based Identity platform. This enables SSO to a standard installation of EBS through its EBS Asserter. The figure below shows this simplified integration.

Since IDCS is Oracle’s cloud-based platform it requires no installation. As a cloud-based identity platform, IDCS requires no installation. It takes care of authentication and authorization and also supports multi-factor authentication, adaptive authentication, and more. IDCS is natively highly available and hence there is no need for DR instances or manually controlled fail-over strategy. The only component that requires maintenance is the EBS asserter which acts as an interface between IDCS and EBS.

The Oracle links below describe how easy it is to setup SSO for EBS with IDCS:

  • Configure Oracle EBS to use Oracle IDCS for SSO (tutorial)
  • Oracle IDCS: Integrating with Microsoft AD (tutorial)
  • Oracle IDCS: Integrating with Microsoft AD FS (tutorial)
  • Setting up Federation between Okta and Oracle IDCS (tutorial)

It is also easy to extend the use of IDCS to other web-based and cloud-based applications. IDCS also provides the option to use multi-factor authentication for an additional layer of security.

The diagram below shows how IDCS can be federated with Okta and SSO for EBS.

Conclusion:

In conclusion, IDCS provides a simplified topology and administration to deliver SSO to EBS. You can consider this option to simplify your existing EBS deployment that is already integrated with Access Manager, or if you are looking for a simpler way to enable SSO for EBS.

 

Did you find this article helpful? Still have questions? Contact Centroid to learn more about this topic and learn how the Oracle experts at Centroid can help.