Setting Up Single Sign-on

Account Administrators can enable and set up single sign-on for the account.

After enabling single sign-on for the account, you need to enable it for individual users.

About Single Sign-on and SAML

Single sign-on gives users the ability to sign in once to your corporate account to establish their credentials. As a result, users who are logged into your corporate account will not have to provide login credentials again to log into Oracle Responsys.

Oracle Responsys uses Security Assertion Markup Language (SAML) for single sign-on. SAML is an XML-based solution for exchanging user security information between a SAML identity provider and service providers in your company (in this case, Oracle Responsys is the service provider). The service provider uses the user credentials supplied by the identity provider to grant access to the application.

Before You Begin

Before enabling Single Sign-on, you need to obtain the following from your IT department:

  • Issuer - the URL that uniquely identifies your SAML identity provider
  • Identity Provider Certificate - the authentication certificate issued by the identity provider

    Note: Be sure to store the certificate where you can access it. You will need to upload it when setting up single sign-on.

  • Identity Provider Login URL - the URL to which Oracle Responsys sends the request to begin the login
  • Identity Provider Logout URL - the URL to which users are directed when they click the Logout link in Oracle Responsys
  • SAML User Id Type - the SAML user ID type:
    • Assertion contains the Federation ID from the User object - the identity provider uses an external ID to identify the user, for example the employee ID

      In this case, you need to obtain all users' Federation IDs.

    • Assertion contains User’s RI username - the identity provider uses the Oracle Responsys username to identify users
  • SAML User Id Location - the location of the SAML user ID:
    • User ID is in the NameIdentifier element of the Subject statement - the user ID is located in the <Subject> statement
    • User ID is in the Attribute element - the user ID is located in an attribute

      In this case, you need to obtain the name of the attribute which contains the user ID.
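To confirm the SAML User Id Location value before you enter it, you can check a sample assertion from your identity provider. The Python code below is an added example, not Oracle code: the sample assertion, the attribute name employeeId and the function name extract_user_id are constructed for illustration. It accepts both the SAML 2.0 spellings (NameID, Name) and the SAML 1.1 spellings (NameIdentifier, AttributeName) because the page does not state the SAML version, and it does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

# Constructed sample assertion (SAML 2.0 shape, unsigned); every value is made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID>jdoe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="employeeId">
      <saml:AttributeValue>E12345</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def _local(elem):
    """Tag name without its XML namespace, so any prefix works."""
    return elem.tag.rsplit("}", 1)[-1]

def extract_user_id(assertion_xml, location, attribute_name=None):
    """Return the one user ID found at the configured location.
    location is "subject" (NameIdentifier element of the Subject statement)
    or "attribute" (Attribute element named attribute_name).
    """
    # SAML messages never need a DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declaration in assertion")
    root = ET.fromstring(assertion_xml)
    if location == "subject":
        # Only direct children of Subject count, not SubjectConfirmation content.
        found = [n.text for s in root.iter() if _local(s) == "Subject"
                 for n in s if _local(n) in ("NameID", "NameIdentifier")]
    elif location == "attribute":
        if not attribute_name:
            raise ValueError("attribute location needs an attribute name")
        # SAML 2.0 uses Name=, SAML 1.1 uses AttributeName=.
        found = [v.text for a in root.iter() if _local(a) == "Attribute"
                 and attribute_name in (a.get("Name"), a.get("AttributeName"))
                 for v in a if _local(v) == "AttributeValue"]
    else:
        raise ValueError("location must be 'subject' or 'attribute'")
    found = [t.strip() for t in found if t and t.strip()]
    if len(found) != 1:
        raise ValueError(f"expected exactly one user ID, found {len(found)}")
    return found[0]

if __name__ == "__main__":
    print(extract_user_id(SAMPLE_ASSERTION, "attribute", "employeeId"))
```

A ValueError here means the location or attribute name you were given does not match what the identity provider actually sends, which is worth resolving with your IT department before saving the settings.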

Enabling Single Sign-on

After you gather the required information, you can enable single sign-on for the account.

  1. From the side navigation bar, select Account. (If you do not see the side navigation bar, click the Menu button, also known as the Hamburger menu.)
  2. Select Global settings, and then select Single Sign-on settings. (Not seeing this choice? Refer to the Account management changes topic.)

    The Enable Single Sign-on for account page opens.

  3. Select the Enable Single Sign-on using SAML checkbox.
  4. Type or select information you gathered:
    • Issuer - the URL that uniquely identifies your SAML identity provider
    • Identity Provider Certificate - click Browse to locate and upload the authentication certificate issued by the identity provider
    • Identity Provider Login URL - the URL to which Oracle Responsys sends the request to begin the login
    • Identity Provider Logout URL - the URL to which users are directed when they click the Logout link in Oracle Responsys
    • SAML User Id Type - either Assertion contains the Federation ID from the User object or Assertion contains User’s RI username

      If the SAML User ID type is Assertion contains the Federation ID from the User object, you will need to map the Federation IDs to users' Oracle Responsys user names. To do this, specify each user's Federation ID on the Edit User page (for existing users) or Add Users page (when adding a user).

    • SAML User Id Location - either User ID is in the NameIdentifier element of the Subject statement or User ID is in the Attribute element

      If you select User ID is in the Attribute element, enter the name of the attribute in the Attribute Name field.

  5. Click Save.
  6. Create a file that contains the single sign-on information:
    1. Click Download Metadata.

      The file download dialog opens.

    2. Click Save and create the file.
  7. Send the file to your IT department for single sign-on implementation.
  8. If the SAML User ID type is Assertion contains the Federation ID from the User object, specify each user's Federation ID on the Edit User page.
  9. Enable single sign-on for individual users. You can disable single sign-on for individual users on the Edit User page. 
