Oracle Web Services On Demand Guide > Establishing and Managing the Web Services Session > Single Sign-On >

Inbound SSO

Inbound SSO allows a company that has its own internal authentication system to validate a user and then seamlessly allow the user to log in to Oracle CRM On Demand.

The company must be set up to use SSO for Oracle CRM On Demand:

• The company and optionally the user must be configured for SSO.
• External Identifier for SSO must be specified.
• ITS URL for SSO must be specified.

If your company has been set up to use SSO for Oracle CRM On Demand, the following steps are used to initiate a Web service request to Oracle CRM On Demand using SSO:

1. The Web service client makes a request with the following command specifying the SSO Company Identifier.

   https://secure-ausomx[POD].crmondemand.com/Services/Integration?command=ssoitsurl&ssoid=<SSO_Company_Identifier>

2. The server returns the SSO ITS URL in the "X-SsoItsUrl" HTTP header of the response.
3. The Web service makes a request with the ITS URL.

The identity provider might respond to requests with a prompt for authentication credentials, for example, username and password. The client application must be able to recognize this request and respond appropriately.

NOTE:  The behavior of the identity provider is beyond the control of Oracle CRM On Demand.

Any client using Inbound SSO must be able to perform the following actions:

• Follow redirects
• Accept cookies

Customers are responsible for ensuring that their client applications are compatible with their chosen identity provider. For code samples for single sign-on see: https://codesamples.samplecode.oracle.com/servlets/Scarab/action/ExecuteQuery?query=crm_on_demand