Configure Microsoft Entra multifactor authentication and SSO for Oracle PeopleSoft applications using Datawiza Access Proxy - Microsoft Entra ID (2024)


In this tutorial, learn how to enable Microsoft Entra single sign-on (SSO) and Microsoft Entra multifactor authentication for an Oracle PeopleSoft application using Datawiza Access Proxy (DAP).

Learn more: Datawiza Access Proxy

Benefits of integrating applications with Microsoft Entra ID using DAP:

  • Embrace proactive security with Zero Trust - a security model that adapts to modern environments and embraces hybrid workplace, while it protects people, devices, apps, and data
  • Microsoft Entra single sign-on - secure and seamless access for users and apps, from any location, using a device
  • How it works: Microsoft Entra multifactor authentication - users are prompted during sign-in for forms of identification, such as a code on their cellphone or a fingerprint scan
  • What is Conditional Access? - policies are if-then statements, if a user wants to access a resource, then they must complete an action
  • Easy authentication and authorization in Microsoft Entra ID with no-code Datawiza - use web applications such as: Oracle JDE, Oracle E-Business Suite, Oracle Siebel, and home-grown apps
  • Use the Datawiza Cloud Management Console (DCMC) - manage access to applications in public clouds and on-premises

Scenario description

This scenario focuses on Oracle PeopleSoft application integration using HTTP authorization headers to manage access to protected content.

In legacy applications, due to the absence of modern protocol support, a direct integration with Microsoft Entra SSO is difficult. Datawiza Access Proxy (DAP) bridges the gap between the legacy application and the modern ID control plane, through protocol transitioning. DAP lowers integration overhead, saves engineering time, and improves application security.

Scenario architecture

The scenario solution has the following components:

  • Microsoft Entra ID - identity and access management service that helps users sign in and access external and internal resources
  • Datawiza Access Proxy (DAP) - container-based reverse-proxy that implements OpenID Connect (OIDC), OAuth, or Security Assertion Markup Language (SAML) for user sign-in flow. It passes identity transparently to applications through HTTP headers.
  • Datawiza Cloud Management Console (DCMC) - administrators manage DAP with UI and RESTful APIs to configure DAP and access control policies
  • Oracle PeopleSoft application - legacy application to be protected by Microsoft Entra ID and DAP

Learn more: Datawiza and Microsoft Entra authentication architecture

Prerequisites

Ensure the following prerequisites are met.

  • An Azure subscription
    • If you don't have one, you can get an Azure free account
  • A Microsoft Entra tenant linked to the Azure subscription
    • See, Quickstart: Create a new tenant in Microsoft Entra ID
  • Docker and Docker Compose
  • User identities synchronized from an on-premises directory to Microsoft Entra ID, or created in Microsoft Entra ID and flowed back to an on-premises directory
    • See, Microsoft Entra Connect Sync: Understand and customize synchronization
  • An account with Microsoft Entra ID and the Application Administrator role
    • See, Microsoft Entra built-in roles, all roles
  • An Oracle PeopleSoft environment
  • (Optional) An SSL web certificate to publish services over HTTPS. You can use default Datawiza self-signed certs for testing.

Getting started with DAP

To integrate Oracle PeopleSoft with Microsoft Entra ID:

  1. Sign in to Datawiza Cloud Management Console (DCMC).

  2. The Welcome page appears.

  3. Select the orange Getting started button.


  4. In the Name and Description fields, enter information.


  5. Select Next.

  6. The Add Application dialog appears.

  7. For Platform, select Web.

  8. For App Name, enter a unique application name.

  9. For Public Domain, for example use https://ps-external.example.com. For testing, you can use localhost DNS. If you aren't deploying DAP behind a load balancer, use the Public Domain port.

  10. For Listen Port, select the port that DAP listens on.

  11. For Upstream Servers, select the Oracle PeopleSoft implementation URL and port to be protected.


  12. Select Next.
  13. On the Configure IdP dialog, enter information.

Note

DCMC has one-click integration to help complete Microsoft Entra configuration. DCMC calls the Microsoft Graph API to create an application registration on your behalf in your Microsoft Entra tenant. Learn more at docs.datawiza.com in One Click Integration with Microsoft Entra ID

  14. Select Create.


  15. The DAP deployment page appears.
  16. Make a note of the deployment Docker Compose file. The file includes the DAP image and the Provisioning Key and Provision Secret, which pull the latest configuration and policies from DCMC.


SSO and HTTP headers

DAP gets user attributes from the identity provider (IdP) and passes them to the upstream application with a header or cookie.

The Oracle PeopleSoft application needs to recognize the user. Using a name, the application instructs DAP to pass the values from the IdP to the application through the HTTP header.

  1. In Oracle PeopleSoft, from the left navigation, select Applications.

  2. Select the Attribute Pass subtab.

  3. For Field, select email.

  4. For Expected, select PS_SSO_UID.

  5. For Type, select Header.


    Note

    This configuration uses Microsoft Entra user principal name as the sign-in username for Oracle PeopleSoft. To use another user identity, go to the Mappings tab.
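A simplified model of the header pass-through described above, added here as an illustration (it is not Datawiza's or Microsoft's code, and the function and exception names are hypothetical). It shows the property to verify in any header-based SSO deployment: the PS_SSO_UID value that reaches PeopleSoft is set only from the validated IdP attribute, never from a value the client sent.

```python
# Added illustration of header-based identity pass-through at a reverse proxy.
# Not Datawiza's code: all function and class names here are hypothetical.
IDENTITY_HEADER = "PS_SSO_UID"  # "Expected" value from the Attribute Pass step
CLAIM_FIELD = "email"           # "Field" value from the Attribute Pass step


class MissingClaim(Exception):
    """The validated IdP sign-in lacks a usable value for the mapped field."""


def _canon(name):
    # Header names are case-insensitive, and some server stacks treat "-" and
    # "_" as the same character, so compare on one canonical form.
    return name.strip().lower().replace("-", "_")


def build_upstream_headers(client_headers, idp_claims):
    """Return the headers to forward to the upstream application.

    client_headers: headers received from the browser (untrusted).
    idp_claims: attributes from the validated IdP sign-in (trusted).
    """
    target = _canon(IDENTITY_HEADER)
    # 1. Drop every client-supplied variant of the identity header.
    forwarded = {k: v for k, v in client_headers.items() if _canon(k) != target}
    # 2. Fail closed if the trusted claim is absent, empty, or contains
    #    line breaks that could split the header.
    value = (idp_claims.get(CLAIM_FIELD) or "").strip()
    if not value or "\r" in value or "\n" in value:
        raise MissingClaim(f"IdP claim {CLAIM_FIELD!r} missing or malformed")
    # 3. Set the identity header only from the trusted claim.
    forwarded[IDENTITY_HEADER] = value
    return forwarded


if __name__ == "__main__":
    # Constructed sample request: the client tries to supply its own identity.
    request = {"Host": "ps-external.example.com", "ps-sso-uid": "someone.else@example.com"}
    claims = {"email": "alice@example.com"}  # constructed IdP attributes
    print(build_upstream_headers(request, claims))
```

The same property is why the PeopleSoft web server should accept connections only from the proxy: a request that bypasses the proxy never passes through this sanitization.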


SSL Configuration

  1. Select the Advanced tab.


  2. Select Enable SSL.

  3. From the Cert Type dropdown, select a type.


  4. For testing the configuration, there's a self-signed certificate.


    Note

    You can upload a certificate from a file.


  5. Select Save.

Enable Microsoft Entra multifactor authentication

Tip

Steps in this article might vary slightly based on the portal you start from.

To provide more security for sign-ins, you can enforce Microsoft Entra multifactor authentication.

Learn more: Tutorial: Secure user sign-in events with Microsoft Entra multifactor authentication

  1. Sign in to the Microsoft Entra admin center as an Application Administrator.
  2. Browse to Identity > Overview > Properties tab.
  3. Under Security defaults, select Manage security defaults.
  4. On the Security defaults pane, toggle the dropdown menu to select Enabled.
  5. Select Save.

Enable SSO in the Oracle PeopleSoft console

To enable SSO in the Oracle PeopleSoft environment:

  1. Sign in to the PeopleSoft Console http://{your-peoplesoft-fqdn}:8000/psp/ps/?cmd=start using Admin credentials, for example, PS/PS.


  2. Add a default public access user to PeopleSoft.

  3. From the main menu, navigate to PeopleTools > Security > User Profiles > User Profiles > Add a New Value.

  4. Select Add a new value.

  5. Create user PSPUBUSER.

  6. Enter the password.


  7. Select the ID tab.

  8. For ID Type, select None.


  9. Navigate to PeopleTools > Web Profile > Web Profile Configuration > Search > PROD > Security.

  10. Under Public Users, select the Allow Public Access box.

  11. For User ID, enter PSPUBUSER.

  12. Enter the password.


  13. Select Save.

  14. To enable SSO, navigate to PeopleTools > Security > Security Objects > Signon PeopleCode.

  15. Select the Sign on PeopleCode page.

  16. Enable OAMSSO_AUTHENTICATION.

  17. Select Save.

  18. To configure PeopleCode using the PeopleTools application designer, navigate to File > Open > Definition: Record > Name: FUNCLIB_LDAP.

  19. Open FUNCLIB_LDAP.


  20. Select the record.

  21. Select LDAPAUTH > View PeopleCode.

  22. Search for the getWWWAuthConfig() function. Change &defaultUserId = ""; to &defaultUserId = PSPUBUSER.

  23. Confirm the user Header is PS_SSO_UID for the OAMSSO_AUTHENTICATION function.

  24. Save the record definition.


Test an Oracle PeopleSoft application

To test an Oracle PeopleSoft application, validate the application headers and policy, and perform overall testing. If needed, use header and policy simulation to validate header fields and policy execution.

To confirm that Oracle PeopleSoft application access occurs correctly, check that a prompt appears to use a Microsoft Entra account for sign-in. Credentials are checked and the Oracle PeopleSoft application appears.


Author: Rubie Ullrich
