Single Sign-on Support in B2C Service

B2C Service includes single sign-on (SSO) support for agents working on the Service Console or Agent Browser UI and customers using the Customer Portal.

Typically, agents and customers log in using the logins and passwords specified in their B2C Service staff account and contact records. With single sign-on, however, agents and customers are authenticated by a different application, and B2C Service accepts authentication and logs them in.
Note: To enable single sign-on for agents, customers, or both, contact your Oracle account manager.

B2C Service supports two types of SSO:

  • IdP-initiated SSO
  • Service Provider (SP)-initiated SSO (supported only for agents)

IdP-initiated SSO

When agents and customers log in to an external identity provider, the IdP must authenticate their identity. Then they select a connection to the Service Console (for agents) or your customer portal (for customers).

After verifying the login credentials, the IdP encapsulates the result of the verification in an assertion that's signed using an X509 certificate and sends the assertion to B2C Service. The application verifies the signature and, if verification succeeds, accepts the account information for logging in to the B2C Service system. The assertion sent by the identity provider uses the SAML 2.0 (Security Assertion Markup Language) architecture. This implementation of SAML 2.0 open login lets B2C Service accept identity provider assertions. The use of encrypted SAML tokens is supported. These are decrypted by B2C Service using an internal API.
Note: The identity provider’s login page can be embedded in the B2C Service Login window, providing a seamless method for agents to access the application and any service provider applications configured in B2C Service. See Authentication Using an External Identity Provider on the B2C Service Login Window.

An overview of the IdP-initiated single sign-on process is shown here.

Figure: This flow diagram illustrates the identity provider-initiated single sign-on process described in the text preceding the image.

SP-initiated SSO

B2C Service also supports SSO initiated from a service provider (SP) instead of an IdP. For example, an agent may attempt to access B2C Service by launching the login window. If SSO is enabled for this specific agent, B2C Service automatically redirects the agent to the appropriate login page of the external IdP. The IdP captures the agent credentials and, if the authentication is successful, redirects the agent back to B2C Service with a SAML assertion.

Note: Customer login isn't supported using SP-initiated SSO.
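The two flows above differ in how the service provider ties an incoming assertion to a session: an SP-initiated assertion answers an AuthnRequest the SP sent (its InResponseTo must match a request ID the SP still has outstanding), while an IdP-initiated assertion carries no InResponseTo and is accepted on the strength of the signature, issuer, audience, recipient and validity window alone. The example below is added here to show those checks on the SP side; it is not B2C Service code and does not describe Oracle's internal API. It uses only the Python standard library, constructed sample assertions, hypothetical entity IDs and endpoints (the example.invalid hosts), and delegates the actual XML-DSig verification against the IdP's X509 certificate to an external library whose result is passed in as a flag.

```python
import base64
import uuid
import zlib
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Hypothetical entity IDs and endpoints; in a real deployment they come from SP and IdP metadata.
SP_ENTITY_ID = "https://sp.example.invalid/saml/metadata"
ACS_URL = "https://sp.example.invalid/saml/acs"
IDP_ENTITY_ID = "https://idp.example.invalid/saml"
IDP_SSO_URL = "https://idp.example.invalid/saml/sso"
CLOCK_SKEW = timedelta(minutes=1)
# Constructed "current time" that falls inside the sample assertion's validity window.
NOW = datetime(2024, 5, 1, 10, 2, tzinfo=timezone.utc)


def build_redirect_url(request_id, issue_instant):
    """SP-initiated step: deflate + base64 an AuthnRequest for the HTTP-Redirect binding.
    The SP must remember request_id so it can check InResponseTo on the returned assertion."""
    authn_request = (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'AssertionConsumerServiceURL="{ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 => raw DEFLATE, no zlib header
    packed = deflater.compress(authn_request.encode()) + deflater.flush()
    return IDP_SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(packed).decode()})


def decode_redirect_request(url):
    """Inverse of build_redirect_url: recover the AuthnRequest XML from a redirect URL."""
    query = parse_qs(urlsplit(url).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()


def _ts(value):
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(assertion_xml, now, signature_verified, outstanding_request_ids, seen_assertion_ids):
    """Checks the SP makes on an assertion after XML-DSig verification against the IdP certificate
    (done by an XML-DSig library; its verdict arrives as signature_verified).
    Returns the NameID to log in, or raises ValueError."""
    if not signature_verified:
        raise ValueError("signature did not verify against the IdP certificate")
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise ValueError("expected a saml:Assertion element")
    if root.find("ds:Signature", NS) is None:
        raise ValueError("assertion carries no signature")
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("issuer is not the configured IdP")
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions")
    not_before = _ts(conditions.get("NotBefore")) - CLOCK_SKEW
    not_on_or_after = _ts(conditions.get("NotOnOrAfter")) + CLOCK_SKEW
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion was issued for a different service provider")
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        raise ValueError("assertion was not addressed to this ACS endpoint")
    in_response_to = scd.get("InResponseTo")
    if in_response_to is not None:
        # SP-initiated: the assertion must answer a request this SP actually sent, once.
        if in_response_to not in outstanding_request_ids:
            raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
        outstanding_request_ids.discard(in_response_to)
    # IdP-initiated assertions have no InResponseTo, so replay protection for them rests
    # on the assertion ID cache and the validity window alone.
    assertion_id = root.get("ID")
    if assertion_id in seen_assertion_ids:
        raise ValueError("assertion replayed")
    seen_assertion_ids.add(assertion_id)
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)


def sample_assertion(in_response_to=None, audience=SP_ENTITY_ID, assertion_id="_a1"):
    """Constructed sample assertion, not real IdP output; the Signature element is a placeholder."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" ID="{assertion_id}" '
        'Version="2.0" IssueInstant="2024-05-01T10:00:00Z">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        '<ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>'
        '<saml:Subject><saml:NameID>agent.alice</saml:NameID>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-05-01T10:05:00Z"{irt}/>'
        '</saml:SubjectConfirmation></saml:Subject>'
        '<saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">'
        f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions></saml:Assertion>'
    )


if __name__ == "__main__":
    outstanding, seen = set(), set()
    # SP-initiated: issue a request, then accept the assertion that answers it.
    request_id = "_" + uuid.uuid4().hex
    outstanding.add(request_id)
    print(build_redirect_url(request_id, "2024-05-01T10:01:00Z"))
    print(validate_assertion(sample_assertion(request_id), NOW, True, outstanding, seen))
    # IdP-initiated: the assertion arrives unsolicited, with no InResponseTo.
    print(validate_assertion(sample_assertion(assertion_id="_a2"), NOW, True, outstanding, seen))
```

The order of checks matters: the signature verdict comes first because nothing else in the assertion can be trusted until the IdP's certificate has vouched for it, and the audience and recipient checks are what stop an assertion minted for one service provider from being replayed at another. The single set of outstanding request IDs is also why SP-initiated login is harder to replay than the IdP-initiated variant.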