Let Users Stay Signed in to the Add-In

You can enable the use of OAuth authentication tokens so that users can remain signed in to the add-in for a longer period of time, based on the company's policy. Not only do OAuth authentication tokens make using the add-in simple, but they're also secure.

Overview of Setup Steps

To set up this feature, you:

  1. Register the Microsoft 365 add-in with Oracle Identity Cloud Service, by creating a Confidential Application in the Identity Cloud Service console.
  2. Associate the Confidential Application details with the add-in, using Setup and Maintenance in Oracle Sales.

Create a Confidential Application for the Add-In

Here's how you create the add-in as a Confidential Application in Identity Cloud Service:

  1. Sign in to My Console in Identity Cloud Service by navigating to www.oracle.com > View Accounts and entering the name of the relevant pod in the Cloud Account Name field. You have at least two pods, a test and a production pod, so ensure that you enter the correct pod.
  2. Click Next and enter your Identity Cloud Service password. If you can't remember the password, contact Oracle Support for help.
    Note: For more information about Identity Cloud Service, navigate to https://docs.oracle.com, search for Identity Cloud Service, and click Oracle Identity Cloud Service - Get Started.
  3. In the Identity Cloud Service console, expand the Navigation Drawer, and then click Applications.
  4. Click Add.
  5. On the Add Application page, click Confidential Application.
  6. In the Details tab of the Add Confidential Application wizard, enter information in the Name and Description fields. These fields are used to identify the Confidential Application in Identity Cloud Service only -- they don't appear outside of Identity Cloud Service. For example, they don't appear in Oracle Sales.
  7. Click Next.
  8. In the Client tab, click the Configure this application as a client now option.
  9. In the Allowed Grant Types options list, select these options:
    • Refresh Token
    • Authorization Code
  10. Select the Allow non-HTTPS URLs option.
    Note: This option doesn't open a URL that isn't secure; it just sends a request to the add-in.
  11. In the Redirect URL field, enter <host>/crmUI/o365nextgen/web/faTokenRedirect.html?authType=oAuth
  12. Click Next.
  13. In the Resources tab, enter a value in the Access Token Expiration field. This defines how long the access token associated with the add-in remains valid.
  14. Select the Is Refresh Token Allowed option and enter a value in the Refresh Token Expiration field. This defines how long the access token can be refreshed until the sales representative needs to sign in to the add-in again.

    When an access token expires, the add-in uses a valid refresh token to get a new pair of access and refresh tokens. If the refresh token isn't valid, or has expired, the sales representative has to sign in again. If the refresh token is valid, the add-in uses it to get a new access token, which is used to validate subsequent access to the add-in.

    Note: It's recommended to keep the access token validity to a short duration and the refresh token to a long duration. For example, 30 minutes for the access token and 7 days or more for the refresh token.
  15. In the Primary Audience field, add your host URL.
  16. In the Scopes section, click Add, and enter the value /cxo.
  17. Click Next to navigate to the Web Tier Policy tab. Nothing needs to be entered here.
  18. Click Next to navigate to the Authorization tab. Nothing needs to be entered here.
  19. Click Finish. The add-in has been added in a deactivated state.
  20. Record the Client ID and Client Secret that appear in the Application Added dialog box. The Client ID and Client Secret are equivalent to a credential (for example, an ID and password) that your application uses to communicate with Identity Cloud Service.
  21. Click Close.
  22. At the top of the page, to the right of the application name, click Activate.
  23. In the Activate Application? dialog box, click Activate Application.

For more information about creating a Confidential Application, navigate to https://docs.oracle.com, search for Identity Cloud Service, click Oracle Identity Cloud Service - Get Started, and click Manage confidential Applications under the Manage Applications heading.

Associate the Confidential Application with the Add-In

Here's how you use Setup and Maintenance to associate the Identity Cloud Service Confidential Application with the add-in:

  1. In the Sales application, sign in as an administrator. Open the navigator menu, and click Setup and Maintenance.
  2. In the Setup and Maintenance work area, click the Tasks side panel icon and then click the Search link.
  3. Search for and select the Manage CX Cloud Mobile OAuth Configuration task.
  4. In the Identity Cloud Service Host Name field, enter your Identity Cloud Service host.
  5. Select Oracle Sales for Outlook and then add the Client ID and the Client Secret for the add-in.
  6. Click Save.

When OAuth authentication tokens are enabled, the add-in reads the OAuth parameters when the user signs in. The next time the user closes and restarts the add-in, or the current session expires, the add-in prompts them to sign in again. After this second sign-in, the OAuth authentication starts, and from then on the user stays signed in to the add-in, as long as they use the add-in at least once during the validity period of the refresh token configured in Oracle Identity Cloud Service.
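
The following added example (not Oracle code) models the token behavior described in step 14 and in the paragraph above, using the page's example lifetimes of 30 minutes and 7 days. It assumes each refresh returns a new refresh token with a full lifetime; the function names and the usage timeline are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lifetimes from the page's example: 30-minute access token, 7-day refresh token.
ACCESS_TTL = timedelta(minutes=30)
REFRESH_TTL = timedelta(days=7)

@dataclass
class TokenPair:
    access_expires: datetime
    refresh_expires: datetime

def issue(now, access_ttl, refresh_ttl):
    """Model the identity service returning a new access/refresh pair."""
    return TokenPair(now + access_ttl, now + refresh_ttl)

def use_add_in(pair, now, access_ttl=ACCESS_TTL, refresh_ttl=REFRESH_TTL):
    """Decide what one use of the add-in at `now` requires; return (outcome, pair)."""
    if pair is not None and now < pair.access_expires:
        return "access_valid", pair
    if pair is not None and now < pair.refresh_expires:
        # Assumption: the refresh returns a new refresh token with a full lifetime.
        return "refreshed", issue(now, access_ttl, refresh_ttl)
    # No tokens yet, or the refresh token expired: interactive sign-in, then a new pair.
    return "sign_in_required", issue(now, access_ttl, refresh_ttl)

def simulate(use_times, access_ttl=ACCESS_TTL, refresh_ttl=REFRESH_TTL):
    """Replay a list of usage timestamps and return the outcome of each use."""
    pair, outcomes = None, []
    for now in use_times:
        outcome, pair = use_add_in(pair, now, access_ttl, refresh_ttl)
        outcomes.append(outcome)
    return outcomes

# Constructed usage timeline (not real data).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_USES = [
    T0,                                   # first sign-in
    T0 + timedelta(minutes=10),           # access token still valid
    T0 + timedelta(minutes=45),           # access expired, refresh valid
    T0 + timedelta(days=6, minutes=45),   # 6 days idle: refresh still valid
    T0 + timedelta(days=12, minutes=45),  # another 6 days idle: still signed in
    T0 + timedelta(days=20, minutes=45),  # 8 days idle: refresh token expired
]

if __name__ == "__main__":
    for when, outcome in zip(SAMPLE_USES, simulate(SAMPLE_USES)):
        print(when.isoformat(), outcome)
```

Under this model the Refresh Token Expiration value acts as the idle timeout for the add-in, so it is the setting to align with the company's sign-in policy.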