Skip Navigation
Expand
Single Sign-On Agent Login Process
Answer ID 5197   |   Last Review Date 07/23/2019

What is the process when an agent logs in and identity provider initiated single sign on is setup?

Environment:

August 2014 and newer, Single Sign-On (SSO)

Resolution:

The following process occurs when single sign-on is enabled for agents who work in the Oracle Service Cloud console.

1. An agent enters a user name and password to log in to the organization’s identity provider (such as a PingFederate Server-based application). When the information is verified, the agent is logged in to the identity provider.

2. The identity provider displays a list of service providers, including Oracle Oracle Service Cloud, that the agent can connect to.

3. The agent selects Oracle Service Cloud.

4. The identity provider generates a signed SAML 2.0 assertion using the account login, email address, account ID, or a staff account custom field as the assertion subject. Refer to Identifying the SAML subject for agent login.

5. The identity provider then submits the assertion to the Oracle Oracle Service Cloud SSO launch page using HTTP POST binding (since that is the only binding method Oracle Service Cloud supports). The SSO launch page is similar to the standard launch page except that it automatically starts the ClickOnce URL, which logs the agent in after validation.

6. Oracle Service Cloud decodes and verifies the assertion and validates the account by confirming that the assertion matches an account in the Oracle Service Cloud database.

7. Oracle Service Cloud redirects the agent to the ClickOnce URL, which signals the installer to use the SSO login instead of the standard login, and passes the necessary parameters for automatic login.

8. Oracle Service Cloud verifies the account using the parameters of the ClickOnce URL for authentication. If necessary, Oracle Service Cloud is downloaded and installed. The application is then launched, and the agent is logged in to the Oracle Service Cloud Console.

Beginning in May 2015, Service Provider Initiated login is supported.

Third-Party Identity Provider flow chart: User logs into third party provider > Identity authenticated > connection to OSvC or CP > Identity provider sends assertion to OSvC > OSvC verifies > OSvC verifies account > agent logged in


For additional information, refer to the 'Single Sign-on Support in Oracle Service Cloud' section in online documentation for the version your site is currently running. To access Oracle Service Cloud manuals and documentation online, refer to the Documentation for Oracle Service Cloud Products.

Available Languages for this Answer:

Notify Me
The page will refresh upon submission. Any pending input will be lost.