Siebel Security Guide > Web Single Sign-On Authentication >

About Web Single Sign-On

In a Web SSO implementation, users are authenticated by a third-party authentication system at the Web-site level. Siebel Business Applications do not provide Web SSO authentication capabilities; they do, however, support this mode of authentication by providing an interface that allows a third-party Web SSO system to pass user information to a Siebel application. Once authenticated by the third party, a user does not have to explicitly log into the Siebel application.

Web SSO allows you to deploy Siebel Business Applications into existing Web sites or portals. Web SSO architecture is appropriate for Web sites on which only approved registered users can gain access to sensitive data, such as a Web site on which you share data with your channel partners.

Web SSO authentication does not apply to the Siebel Mobile Web Client. When connecting to the local database using Siebel Mobile Web Client, mobile users must use local database authentication. For a particular Siebel application, when users connect from the Siebel Developer Web Client to the server database, the authentication mechanism must be the same as that used for Siebel Web Client users. For information about authentication options for local database synchronization for mobile users, see Siebel Remote and Replication Manager Administration Guide.

If you are using Oracle's Siebel CRM Desktop applications, then you can implement CRM Desktop Single Sign-On. CRM Desktop SSO allows you to implement Single Sign-On for the CRM Desktop client, and can be customized to support your existing Web Single Sign-On implementation. For information, see Siebel CRM Desktop for IBM Lotus Notes Administration Guide and Siebel CRM Desktop for Microsoft Outlook Administration Guide.

Web Single Sign-On Limitations

In Web SSO deployments, user authentication and user management are the responsibility of the third-party security infrastructure. As a result, certain capabilities are not available, as Siebel Business Applications features, in a Web SSO environment.

In a Web SSO environment, the following features are not available:

• User self-registration
• Delegated administration of users
• Login forms
• Logout links or the Log Out menu item in the File application-level menu
• Change password feature (in Profile view of User Preferences screen)
• Anonymous browsing

Access to Siebel administration and configuration views is also not available with an Application Object Manager configured for Web SSO authentication.

Verify that functionality you require does not rely on the capabilities in the previous list before you attempt to deploy such functionality in a Web SSO environment. For example, the Siebel eSales - Checkout Process workflow and user registration both make use of login forms.

Your Siebel Business Applications might require configuration changes to hide the capabilities in the previous list. For information on hiding or disabling the capabilities listed, see Configuring Siebel Business Applications. For information about logging out of a Web SSO environment, see Logging Out of a Siebel Application.