Oracle

The Oracle Cloud integration enables biometric authentication via SAML 2.0 for OCI and Oracle Identity Cloud Service.

Integration type

SSO

Updated

Overview

1Kosmos integrates with Oracle Cloud as a SAML 2.0 identity provider for OCI and Oracle Identity Cloud Service. Administrators register 1Kosmos as a trusted IdP in the identity domain, and users authenticating to the OCI console or Oracle applications are redirected to 1Kosmos for biometric verification before access is granted.

The configuration is performed in the OCI Console under Identity and Security → Domains → Security → Identity Providers. Oracle supports uploading an IdP metadata XML file or entering IdP details manually. After 1Kosmos is added as an identity provider, it must be activated and assigned to a sign-on policy before it takes effect for user logins.

For Oracle Identity Cloud Service (standalone IDCS), the equivalent configuration path is in the IDCS Admin Console under Security → Identity Providers → Add SAML IDP. Both paths follow the same SAML 2.0 federation pattern.


Prerequisites

  • Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.

  • Oracle Cloud Infrastructure administrator access: IAM admin role or domain administrator role to configure identity providers in an OCI Identity Domain.

  • User accounts in Oracle Identity Domain: Users must exist in the OCI Identity Domain with usernames or email addresses matching their 1Kosmos records. SAML user matching in OCI is based on NameID.

  • 1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.


Configuration values

Values to collect from 1Kosmos AdminX (IdP) for Oracle Cloud (field: where to find it):

  • SAML Metadata XML or URL: AdminX → Settings → IdP Configuration → Metadata URL

  • SSO URL: AdminX → Settings → IdP Configuration → Single SignOn Service URL

  • IdP Entity ID: AdminX → Settings → IdP Configuration → Core Configuration

  • Signing Certificate (PEM): AdminX → Settings → IdP Configuration → View Certificate → Public Key

Values to collect from Oracle (SP) for AdminX (field: where to find it):

  • SP ACS URL: OCI Console → Identity Domain → Security → Identity Providers → [new IdP entry] → Export SAML Metadata, or from the Manual Export fields

  • SP Entity ID: same Export SAML Metadata or Manual Export screen

  • SP Metadata XML: download from Export SAML Metadata in the Identity Domain settings

Integration steps

Step 1: Export Oracle SP metadata

  • Log in to the OCI Console and navigate to Identity and Security → Domains. Select the identity domain you are configuring.

  • Navigate to Security → Identity Providers and open an existing entry or begin adding a new one. In the Export SAML Metadata section, download the SP metadata XML file. This file contains the ACS URL and Entity ID required for AdminX.

Step 2: Add Oracle as a SAML application in AdminX

  • Log in to the AdminX portal and navigate to Applications → Add Application.

  • Select SAML 2.0 Generic and click Add integration. Enter "Oracle Cloud" as the Application Name and the OCI console URL as the Application Access URL.

  • Set NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and NameID Value to email. Add claims for email and username. Enable Assertion signing.

  • Enter the Oracle SP Entity ID and ACS URL from the exported metadata. Click Save.

Step 3: Register 1Kosmos as a SAML IdP in OCI

  • In the OCI Console Identity Domain, navigate to Security → Identity Providers and click Add SAML IdP.

  • Enter a name for the identity provider (e.g., "1Kosmos").

  • Under Configure, select Import Metadata and upload the 1Kosmos SAML metadata XML file, or select Enter Metadata and manually enter the IdP Entity ID, SSO URL, and paste the signing certificate.

  • Under Map, configure attribute mappings: map the 1Kosmos NameID to the Oracle Identity Domain Username attribute.

  • Click Save, then click Activate to activate the identity provider.

Step 4: Add the IdP to a sign-on policy

  • Navigate to Security → Sign-on Policies in the Identity Domain.

  • Edit the Default Identity Provider Policy and add 1Kosmos to the Assign Identity Providers list.

  • Save the policy.

Step 5: Test the integration

  • Navigate to the OCI console URL for your tenant (e.g., https://console.[region].oraclecloud.com/?tenant=[tenantid]).

  • Select 1Kosmos from the Identity Provider dropdown. You will be redirected to 1Kosmos. Authenticate biometrically and confirm you are returned to the OCI console.
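Steps 1 and 3 both come down to reading three or four values out of a SAML metadata file and typing or pasting them into the other side. The script below is an added example (not 1Kosmos or Oracle code) that extracts those values from either an SP metadata export (Entity ID and HTTP-POST ACS URL for AdminX) or an IdP metadata file (Entity ID, SSO URL, NameID formats, and the signing certificate as PEM with a SHA-256 fingerprint, so a manually pasted certificate can be compared with an imported one). It uses only the standard library; the metadata documents, URLs and certificate bytes in it are constructed placeholders, not real 1Kosmos or Oracle values.

```python
"""Extract federation values from SAML metadata XML (SP or IdP side).
Added example; all sample URLs and the certificate payload are constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def sha256_hex(der: bytes) -> str:
    """SHA-256 fingerprint of the DER certificate, the form most IdP UIs display."""
    return hashlib.sha256(der).hexdigest()


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes as a PEM certificate block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def parse_metadata(xml_text: str) -> dict:
    """Return the values an administrator needs from an SP or IdP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    out = {"entity_id": root.get("entityID"), "certs": []}
    sp = root.find("md:SPSSODescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS)
    if sp is not None:
        out["role"] = "SP"
        # The SP receives the assertion at its HTTP-POST AssertionConsumerService.
        acs = {a.get("Binding"): a.get("Location")
               for a in sp.findall("md:AssertionConsumerService", NS)}
        out["acs_url"] = acs.get(POST)
        role = sp
    elif idp is not None:
        out["role"] = "IdP"
        sso = {s.get("Binding"): s.get("Location")
               for s in idp.findall("md:SingleSignOnService", NS)}
        out["sso_url"] = sso.get(REDIRECT) or sso.get(POST)
        out["nameid_formats"] = [(n.text or "").strip() for n in idp.findall("md:NameIDFormat", NS)]
        role = idp
    else:
        raise ValueError("metadata has neither SPSSODescriptor nor IDPSSODescriptor")
    for kd in role.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS) or ""
        der = base64.b64decode("".join(b64.split()))
        out["certs"].append({"sha256": sha256_hex(der), "pem": der_to_pem(der)})
    return out


# Constructed samples: placeholder entity IDs, URLs and a fake certificate payload.
FAKE_DER = b"constructed placeholder, not a real X.509 certificate"
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idcs-example.identity.oraclecloud.com:443/fed">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{POST}" index="1"
        Location="https://idcs-example.identity.oraclecloud.com/fed/v1/sp/sso"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

IDP = parse_metadata(IDP_METADATA)
SP = parse_metadata(SP_METADATA)

if __name__ == "__main__":
    for label, values in (("1Kosmos IdP", IDP), ("Oracle SP", SP)):
        print(label)
        for key, value in values.items():
            print(f"  {key}: {value}")
```

Run it against the real files (replace the constructed strings with the contents of the Oracle export and the 1Kosmos metadata URL) and compare the printed SHA-256 against the certificate shown in the OCI identity provider entry after import; a mismatch there is the usual cause of "signature invalid" errors after a certificate rotation.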


Attribute mappings

Source (1Kosmos) → Target (Oracle Identity Domain): description

  • user.email → Username (NameID): the value must match the user's Oracle Identity Domain username
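When a user completes biometric authentication but lands back at the OCI login page instead of the console, the assertion usually reached Oracle and was rejected on one of a few fields: the NameID did not match a domain username, the Audience or Recipient did not match the SP values entered in AdminX, the assertion was unsigned, or its validity window had passed. The script below is an added example (not 1Kosmos or Oracle code) that decodes a SAMLResponse captured from the browser (the base64 value of the SAMLResponse form field posted to the ACS URL) and reports each mismatch. It checks that a Signature element is present but does not verify it; real XML-DSig verification needs a library such as xmlsec. The entity ID, ACS URL, user list and the sample response are constructed.

```python
"""Consistency check of a SAMLResponse against the SP values Oracle will match on.
Added example; URLs, usernames and the sample response are constructed."""
import base64
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TS = "%Y-%m-%dT%H:%M:%SZ"  # SAML timestamps are UTC; naive datetimes are used throughout


def check_response(response_b64, sp_entity_id, acs_url, domain_usernames, now):
    """Return a list of mismatch descriptions; an empty list means the response is consistent."""
    problems = []
    root = ET.fromstring(base64.b64decode(response_b64))
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} is not the SP ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext Assertion (an encrypted assertion needs the SP key to inspect)")
        return problems
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion carries a Signature; enable assertion signing in AdminX")
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != sp_entity_id:
        problems.append(f"Audience {audience!r} is not the SP Entity ID")
    cond = assertion.find("saml:Conditions", NS)
    not_before = datetime.strptime(cond.get("NotBefore"), TS)
    not_on_or_after = datetime.strptime(cond.get("NotOnOrAfter"), TS)
    if not (not_before <= now < not_on_or_after):
        problems.append(f"validity window {not_before}..{not_on_or_after} excludes {now} (check clock skew)")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("SubjectConfirmationData Recipient is not the SP ACS URL")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    fmt = name_id.get("Format") if name_id is not None else None
    value = (name_id.text or "").strip() if name_id is not None else ""
    if fmt != EMAIL_FORMAT:
        problems.append(f"NameID Format {fmt!r} is not emailAddress")
    if value not in domain_usernames:
        # Exact match is what the Username mapping needs; flag a case-only difference separately.
        same_ci = [u for u in domain_usernames if u.lower() == value.lower()]
        hint = f" (differs only in case from {same_ci[0]!r})" if same_ci else ""
        problems.append(f"NameID {value!r} matches no Identity Domain username{hint}")
    return problems


# Constructed sample: the shape of a signed response from the IdP to the Oracle SP.
SP_ENTITY_ID = "https://idcs-example.identity.oraclecloud.com:443/fed"
ACS_URL = "https://idcs-example.identity.oraclecloud.com/fed/v1/sp/sso"
DOMAIN_USERS = {"alice@example.test", "bob@example.test"}
NOW = datetime(2024, 1, 1, 12, 0, 0)
PLACEHOLDER_SIG = f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignatureValue>x</ds:SignatureValue></ds:Signature>'


def build_response(name_id, now=NOW, signed=True):
    """Build a base64 SAMLResponse; the Signature element is a placeholder, not a real signature."""
    sig = PLACEHOLDER_SIG if signed else ""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="{now.strftime(TS)}" Destination="{ACS_URL}">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{now.strftime(TS)}">
    <saml:Issuer>https://idp.example.test/saml</saml:Issuer>{sig}
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">{name_id}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"
            NotOnOrAfter="{(now + timedelta(minutes=5)).strftime(TS)}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{(now - timedelta(minutes=1)).strftime(TS)}"
        NotOnOrAfter="{(now + timedelta(minutes=5)).strftime(TS)}">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for who in ("alice@example.test", "Alice@Example.test", "carol@example.test"):
        print(who, "->", check_response(build_response(who), SP_ENTITY_ID, ACS_URL, DOMAIN_USERS, NOW) or "OK")
    print("expired ->", check_response(build_response("alice@example.test"), SP_ENTITY_ID, ACS_URL,
                                       DOMAIN_USERS, NOW + timedelta(minutes=10)))
```

The case-only hint matters because the NameID value comes from the 1Kosmos email claim while the domain username is whatever was provisioned in Oracle; if they differ only in letter case, fix the username on one side rather than loosening the mapping.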

Integration notes

Activating the SAML identity provider in OCI is a two-step process: creating the IdP entry and then activating it. An unactivated IdP will not appear as a login option for users.

Additionally, including the IdP in the sign-on policy is required before it is presented to users at the OCI login screen.

If users are not seeing the 1Kosmos option during login, verify that the identity provider status is Active and that the sign-on policy correctly lists 1Kosmos in the assigned identity providers.

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.