Replicon
Before You Begin
Introduction
This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for Replicon using SAML.
About Replicon
Replicon is a Software as a Service (SaaS) solution providing cloud based time tracking applications including timesheet and expense management software, for automating employee time tracking, project time tracking, expense tracking, and resource scheduling.
After integrating Replicon with Oracle Identity Cloud Service:
- Users can access Replicon using their Oracle Identity Cloud Service login credentials.
- Users can start Replicon using the Oracle Identity Cloud Service My Apps console.
- Admins can assign and revoke user access to the Replicon app using the Oracle Identity Cloud Service administration console.
What Do You Need?
- An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
- A Replicon account with authorization rights to configure federated authentication.
- Make sure that the email ID of each user in Replicon matches the primary email ID of the Oracle Identity Cloud Service account.
Configuring the Replicon App in Oracle Identity Cloud Service
Use this section to register and activate the Replicon app, and then assign users to the app.
Obtaining Tenant, Company Name, and IDCS Domain
A dedicated Tenant, Company Name, and IDCS Domain is required before you can register and activate the Replicon app.
The Replicon company name is the value that you registered with Replicon while creating the account.
The Tenant and IDCS Domain values appear in the Oracle Identity Cloud Service My Profile console URL:
https://<Tenant>.<IDCS_Domain>/ui/v1/myconsole.
Registering and Activating the Replicon App
Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.
Click App Catalog.
Search for
Replicon, and then click Add.In the App Details section, enter your Replicon Company Name, IDCS Domain, Tenant, and then click Next.
Note: These are the values that you obtained while performing the steps in the "Obtaining Tenant, Company Name, and IDCS Domain" section.
Click Download Signing Certificate.
Tip: Use this file later during the Replicon configuration in the "Configuring SSO for Replicon" section.
Click Finish. Oracle Identity Cloud Service displays a confirmation message.
Click Activate, and then click Activate Application. The Oracle Identity Cloud Service displays a confirmation message.
Assigning Users to the Replicon App
On the Replicon app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.
Select users that you want to assign to Replicon, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the Replicon app is assigned to the users that you selected.
Configuring SSO for Replicon
Access Replicon as an administrator using the URL:
https://login.replicon.com/. The Replicon home page appears.Click Administration in the upper-right corner of the home page, locate the System and Security section, and then click Security Settings.
On the Security Settings page, use the following table to update the federated authentication attributes, and then click Save.
This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration. Attribute Value Enable SAML Authentication for Single Sign-On Select the check box. SAML Public Key Upload the Oracle Identity Cloud Service certificate that you downloaded during the Replicon registration in Oracle Identity Cloud Service. See the "Registering and Activating the Replicon App" section. SAML Transfer URL Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso'{0}'. Note: Make sure that you suffix'{0}'to the URL.Session Timeout Select Never automatically logout from the drop-down list. Copy the home page URL in another tab, and then append the following to the URL after your company name:
/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2. For instance,https://na7.replicon.com/<Company_Name>/services/SecurityService1.svc/help/test/EnableSAMLAuthentication2.Note: Use this URL to access the Replicon SAML Authentication settings to configure SAML authentication.
Access the Replicon SAML Authentication settings using the URL obtained in the previous step. The EnableSAMLAuthentication2 page appears.
Expand v20Configuration, expand manualConfiguration, and then enter the Sign-in URL/SSO Endpoint:
https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/ssoin ssoHTTPPostUrl.Click Browse in the idpPublicKey field, and then upload the Oracle Identity Cloud Service certificate that you downloaded during the Replicon registration in Oracle Identity Cloud Service. See the "Registering and Activating the Replicon App" section.
Click the icon near the xmlSignatureAlgorithm field, select SHA256, and then click Submit. The EnableSAMLAuthentication2 page displays a success message.
Click Administration in the upper-right corner of the home page, locate the Employees and Organization section, and then click Users. The Users page appears.
Click the user that you want to assign SAML authentication rights. The User Profile page appears.
Select SSO from the Authentication Type drop-down list, and then click Save. The user is assigned with SAML authentication rights.
Note: Selecting SSO deactivates the ability to log in using the user name and password. Remain logged in to the Replicon session until you complete the next section to verify that Identity Provider initiated SSO from Oracle Identity Cloud Service works. To disable SAML authentication, select Replicon from the Authentication Type drop-down list in the User Profile page, and then clear the Enable SAML Authentication for Single Sign-On selection in the Security Settings page.
Verifying the Integration
Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO).
Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service
Access the Oracle Identity Cloud Service My Profile console using the URL:
https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.Log in using credentials for a user that is assigned to the Replicon app. Oracle Identity Cloud Service displays a shortcut to Replicon under My Apps.
Click Replicon. The Replicon home page appears.
In the lower-right corner of the page, confirm that the user logged in is the same for both Replicon and Oracle Identity Cloud Service.
This confirms that SSO that is initiated from Oracle Identity Cloud Service works.
Troubleshooting
Use this section to locate solutions to common integration issues.
Known Issues
Replicon displays the message, "The system could not process your logon request. Please contact your administrator."
Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in Replicon.
Solution: Ensure that the user that you assign to the Replicon app has an account in both Oracle Identity Cloud Service and Replicon with the same email address.
Unknown Issues
For unknown issues, contact Oracle Support:
Go to https://support.oracle.com.
Select Cloud Support, and then sign in with your support credentials.
In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.
Select Oracle Identity Cloud Service as the service type.
Complete your service request.