Login Policies

Login Policies determine the authentication method and options for users to access the application.

There are five types of authentication methods:
| Authentication Method | Description |
| --- | --- |
| Internal | The internal authentication method (BasicHTTP) is a good solution for small companies with relatively few user credentials, which can be stored in the application database. |
| LDAP | The LDAP (Lightweight Directory Access Protocol) authentication method is similar to the internal method. The only difference is that the users' credentials are stored outside Oracle Field Service in an external LDAP server. This method can be used by companies that prefer to store their user data in an external server to increase security. When LDAP authentication is used, the user enters their credentials into Oracle Field Service, which then passes them to the LDAP server for verification. To enable LDAP authentication, software that supports LDAP v3 must be installed and configured on the customer's back-end server. Examples of such software are Active Directory and OpenLDAP. |
| SAML | The SAML (Security Assertion Markup Language) authentication method is an SSO method that involves an exchange of authentication data between the user, the service provider (SP), and the identity provider (IdP). A user who wants to access the services of the service provider must first be authenticated by the identity provider, which asserts the user's identity to the service provider. The user's data is stored with the identity provider and is verified by the user's credentials. If the user authentication is successful, the service provider verifies the user's login policy and grants access to the application. One user can be associated with only one login policy and, therefore, the user's data can be stored with only one identity provider. The application supports the SAML 2.0 protocol; therefore, you can use any SAML 2.0 identity provider. The identity provider details must be used in configuring the SAML Login Policy. |
| IDCS for Web SSO | You can use Oracle Identity Cloud Service (IDCS) as an identity provider for web SSO. This option helps customers store user credentials in a different store instead of Oracle Field Service. This option is part of the SAML authentication option, and you can upload the metadata as an XML file. |
| OpenID Connect | With the OpenID Connect authentication method, a user uses the account created with an OpenID Connect Identity Provider to log in to any website supporting OpenID Connect authentication. The user registers the OpenID Connect URL with the OpenID Provider, which becomes the user's identifier. OpenID Connect can be a method of choice for companies that prefer cloud data storage and want to use the same credentials to access multiple websites. |

Generally, the authentication method used depends on the company's business principles and requirements. In most cases, a company uses one authentication method, although using several authentication methods within the same company is technically possible.