The Oracle Identity Cloud Service connector integrates the Maverics Orchestrator with Oracle IDCS using the OpenID Connect protocol — enabling OIDC-based single sign-on for your applications.
Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview

The Oracle Identity Cloud Service connector supports standard OIDC flows via Oracle IDCS’s OpenID Connect endpoints. The Orchestrator communicates with Oracle IDCS through standard OIDC discovery — no provider-specific configuration is required beyond the well-known URL.

Use Cases

  • Unify SSO across Oracle and non-Oracle apps — Extend Oracle IDCS authentication to legacy and on-premises applications that don’t support modern identity protocols, creating a unified SSO experience across your Oracle Cloud and hybrid environments
  • Rationalize identity platforms — Orchestrate migration from Oracle IDCS to a strategic IdP or consolidate Oracle IDCS with other providers, reducing licensing costs while maintaining application access
  • Oracle Cloud resilience — Configure Oracle IDCS as a primary or failover IdP alongside other providers, ensuring authentication continuity for Oracle-dependent workloads during outages
  • Hybrid Oracle environments — Bridge Oracle IDCS-managed identities with applications running outside the Oracle Cloud ecosystem through identity orchestration

Configuration

To create an Oracle Identity Cloud Service (OIDC) connector in the Maverics Console:
  1. Navigate to Identity Fabric in the Console sidebar.
  2. Click Create and select Oracle Identity Cloud Service (OIDC).
  3. Enter a Name — this is the friendly name that identifies your Oracle IDCS provider.
  4. Enter the OIDC Well Known URL — for Oracle IDCS, this follows the pattern https://{idcs-instance}.identity.oraclecloud.com/.well-known/openid-configuration.
  5. Enter the OAuth Client ID — the client ID from your Oracle IDCS application registration.
  6. Enter the OAuth Client Secret — the client secret from your Oracle IDCS application registration.
  7. Under Redirect URLs, add the callback URL where Oracle IDCS will redirect after authentication. This URL must match the Redirect URL configured in your IDCS application.
  8. Optionally configure Logout Callback URLs for single logout support.
  9. Optionally set Scopes (space-separated). Default scopes are typically openid profile email.
  10. The PKCE toggle is enabled by default. Disable it only if your Oracle IDCS application is not configured to support Proof Key for Code Exchange.
  11. Optionally enable Offline Access for token refresh support (Proxy apps only).
  12. Click Save.

Troubleshooting

  • Verify the oidcWellKnownURL is accessible from the Orchestrator host — ensure the IDCS instance name is correct and the URL resolves to the Oracle IDCS discovery document
  • Ensure the oauthRedirectURL matches exactly what is registered in the Oracle IDCS application under Redirect URLs
  • Check that the client secret reference resolves correctly via your secret provider
  • Verify the IDCS application is activated — Oracle IDCS applications must be in an active state before they can process authentication requests
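
The discovery-document and redirect URL checks above can be run as a script before saving the connector. This is an added example, not Maverics or Oracle code: it validates a discovery document and the connector settings offline. The function name `check_connector`, the sample document, the placeholder host `idcs-example`, and the application URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample shaped like OIDC provider metadata; "idcs-example" and
# the endpoint paths are placeholders, not values from a real tenant.
BASE = "https://idcs-example.identity.oraclecloud.com"
SAMPLE_DOC = {
    "issuer": BASE + "/",
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/jwks",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "code_challenge_methods_supported": ["S256"],
}

def check_connector(well_known_url, doc, redirect_url, registered_redirects,
                    scopes="openid profile email", pkce=True):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    url = urlsplit(well_known_url)
    if url.scheme != "https":
        findings.append("well-known URL is not https")
    if not url.path.endswith("/.well-known/openid-configuration"):
        findings.append("well-known URL is not an OIDC discovery path")
    for key in REQUIRED:
        value = doc.get(key)
        if not value:
            findings.append(f"discovery document is missing {key}")
        elif urlsplit(value).scheme != "https":
            findings.append(f"{key} is not served over https")
    supported = doc.get("scopes_supported")
    if supported is not None:  # only checkable when the provider lists scopes
        for scope in scopes.split():
            if scope not in supported:
                findings.append(f"scope {scope} is not advertised")
    # The PKCE toggle is on by default, so the provider should advertise S256.
    if pkce and "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE is enabled but S256 is not advertised")
    # Exact string comparison: a trailing slash or case difference fails.
    if redirect_url not in registered_redirects:
        findings.append("redirect URL is not registered exactly as configured")
    return findings

if __name__ == "__main__":
    print(check_connector(BASE + "/.well-known/openid-configuration", SAMPLE_DOC,
                          "https://app.example.com/oidc/",
                          ["https://app.example.com/oidc"]))
```

To run it against a live tenant, load the JSON returned by the well-known URL in place of `SAMPLE_DOC` and pass the Redirect URLs copied from the IDCS application.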