Inbound SSO

Inbound SSO allows a company that has its own internal authentication system to validate a user and then seamlessly allow the user to log in to Oracle CRM On Demand.

The company must be set up to use SSO for Oracle CRM On Demand:

  • The company and, optionally, the user must be configured for SSO.

  • External Identifier for SSO must be specified.

  • ITS URL for SSO must be specified.

If your company has been set up to use SSO for Oracle CRM On Demand, the following steps are used to initiate a Web service request to Oracle CRM On Demand using SSO:

  1. The Web service client makes a request with the following command, specifying the SSO Company Identifier.

    https://secure-ausomx[POD].crmondemand.com/Services/Integration?command=ssoitsurl&ssoid=<SSO_Company_Identifier>
    
  2. The server returns the SSO ITS URL in the "X-SsoItsUrl" HTTP header of the response.

  3. The Web service makes a request with the ITS URL.

The identity provider might respond to requests with a prompt for authentication credentials, for example, username and password. The client application must be able to recognize this request and respond appropriately.

Note: The behavior of the identity provider is beyond the control of Oracle CRM On Demand.

Any client using Inbound SSO must be able to perform the following actions:

  • Follow redirects

  • Accept cookies

Customers are responsible for ensuring that their client applications are compatible with their chosen identity provider.
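
The three steps and the client requirements above, sketched as an added Python example (not Oracle's sample code). The pod value, the company identifier, the identity provider host allow-list, and the login-prompt heuristic are assumptions for illustration; the ITS URL is checked for HTTPS and an expected host before the client follows it.

```python
import http.cookiejar
import urllib.parse
import urllib.request

# Assumption: host name(s) of your company's identity provider (placeholder value).
ALLOWED_ITS_HOSTS = {"idp.example.com"}

def sso_lookup_url(pod, sso_company_id):
    """Step 1: build the ssoitsurl command URL; the identifier is URL-encoded."""
    query = urllib.parse.urlencode({"command": "ssoitsurl", "ssoid": sso_company_id})
    return f"https://secure-ausomx{pod}.crmondemand.com/Services/Integration?{query}"

def its_url_from_headers(headers):
    """Step 2: read X-SsoItsUrl (case-insensitive) and vet it before it is followed."""
    value = next((v for k, v in headers.items() if k.lower() == "x-ssoitsurl"), "")
    parts = urllib.parse.urlsplit(value.strip())
    if not value.strip():
        raise ValueError("response carries no X-SsoItsUrl header")
    if parts.scheme != "https":
        raise ValueError("ITS URL is not HTTPS")
    if parts.hostname not in ALLOWED_ITS_HOSTS:
        raise ValueError(f"unexpected ITS host: {parts.hostname!r}")
    return parts.geturl()

def looks_like_login_prompt(content_type, body):
    """Heuristic (assumption): an HTML page with a password field is a credential prompt."""
    is_html = content_type.lower().startswith("text/html")
    return is_html and b'type="password"' in body.lower()

def inbound_sso(pod, sso_company_id):
    """Steps 1-3 with one cookie-keeping, redirect-following client; returns the cookie jar."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    with opener.open(sso_lookup_url(pod, sso_company_id), timeout=30) as resp:
        its_url = its_url_from_headers(dict(resp.headers.items()))
    with opener.open(its_url, timeout=30) as resp:  # step 3
        body = resp.read()
        if looks_like_login_prompt(resp.headers.get("Content-Type", ""), body):
            raise RuntimeError("identity provider is prompting for credentials")
    return jar

if __name__ == "__main__":
    # Constructed sample response headers; no network traffic is generated here.
    sample = {"Content-Type": "text/xml", "X-SsoItsUrl": "https://idp.example.com/its?partner=crm"}
    print(sso_lookup_url("001", "ACME"))
    print(its_url_from_headers(sample))
```

The allow-list vets only the first hop; redirects issued by the identity provider are followed as-is by the opener.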

For code samples for single sign-on, see: https://codesamples.samplecode.oracle.com/servlets/Scarab/action/ExecuteQuery?query=crm_on_demand