You're viewing OCI IAM documentation for new tenancies in regions that have been updated to use identity domains.

Adding an App Catalog Application

Add an application from the App Catalog to an identity domain in IAM.

Oracle creates and maintains the App Catalog, which is a collection of application templates, and provides step-by-step instructions on how to configure most of the popular software-as-a-service (SaaS) applications, such as Amazon Web Services and Google Suite.

The configuration options for each Application Catalog application can differ slightly. The steps in this task are for a basic configuration.

  1. On the Integrated applications list page, select Add application. If you need help finding the list page, see Listing Applications.
  2. In the Add application window, select Application Catalog, and then Launch app catalog.
  3. Find the application that you want by choosing a category (predefined by Oracle), searching for the application name, or selecting an integration filter. By default, all applications are shown.
  4. Select the application that you want to add.
  5. Enter a name and optional description for the application.
    Note

    For applications with lengthy names, the application name appears truncated in the My Apps page. Consider keeping application names as short as possible.

  6. (Optional) If applicable, enter a custom sign-in URL, which is the URL to which users are redirected to sign in. If you're using a default sign-in page provided by Oracle, leave this field blank.
  7. (Optional) If applicable, enter a custom sign-out URL, which is the URL to which users are directed after the sign-out process. If you're using a default sign-in page provided by Oracle, leave this field blank.
  8. (Optional) In the Custom error URL field, enter the error page URL to which a user is redirected after a failure. If you don't provide a value, the tenant-specific error page URL is used. If neither of those error URLs is configured, then the user is redirected to the IAM error page (/ui/v1/error).

    When a user tries to use social authentication (for example, Google or Facebook) to log in to IAM, the custom social linking callback URL must be configured in the Custom error URL field. Social providers need this callback URL to call IAM and send the response back after social authentication. The provided callback URL is used to verify whether the user exists (after first-time social login) and to display an error if the social authentication has failed.

  9. In the Custom social linking callback URL field, enter the URL that IAM can redirect to after the linking of a user between social providers and IAM is complete.

    When you create a custom app using the IAM custom SDK and integrate with IAM social login, the custom app needs to have the custom social linking callback URL.

  10. In the Display settings section, select Display in My Apps.
    Important

    You must select this option for the app to be visible on the My Apps page.

    Selecting this option doesn't enable or disable SSO to the app. The flag to enable or disable SSO comes from the app template.

  11. If you want the app to be listed in the Catalog, select User can request access.

    This option allows end users to request access to applications from their My Apps page by selecting Add and then selecting the app from the Catalog.

    Tip

    Don't forget to activate the application so that users can request access.
  12. In the Authentication and authorization section, select Enforce grants as authorization if you want to allow access to this app only if the user has been granted this app.
  13. Select Show advanced options to add tags to the application.
    If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
  14. Perform one of the following actions, depending on the application.
    • Select Create application. The application is added in a deactivated state. Skip to step 21.
    • Select Next and configure SSO.
  15. To import the IAM signing certificate into the application, select Download signing certificate. This certificate is used by the SAML application to verify that the SAML assertion is valid.

    To get the issuing IAM root certificate, see Getting the Root CA Certificate.

  16. To import the IAM identity provider metadata into the application, select Download identity provider metadata. The SAML application needs this information so that it can trust and process the SAML assertion that's generated by IAM as part of the federation process. This information includes, for example, profile and binding support, connection endpoints, and certificate information.
  17. Complete the General, Additional configurations, and Attribute configuration sections, as necessary.
  18. Under Resources, select Users to assign users to the application, and select Groups to assign groups to the application.
    The applications you assign to a user are displayed on the user's My Apps page. Newly assigned applications and applications that a user hasn't yet accessed appear first in the application list and have an asterisk icon in the application tile. The icon appears on the tile until the user accesses the application.