Let Users Stay Signed in to the Add-In
You can enable the use of OAuth authentication tokens so that users can remain signed in to the add-in for a longer period of time, based on the company's policy. Not only do OAuth authentication tokens make using the add-in simple, but they're also secure.
Overview of Setup Steps
To set up this feature, you:
- Register the Microsoft 365 add-in with Oracle Identity Cloud Service (IDCS), by creating a Confidential Application in the Identity Cloud Service console.
- Associate the Confidential Application details with the add-in, using Setup and Maintenance in Oracle Sales.
Create a Confidential Application for the Add-In
Here's how you create the add-in as a Confidential Application in Identity Cloud Service:
- Sign in to My Console in IDCS by navigating to the cloud.
- In the menu, in Identity & Security, click Domains.
- On the next screen, the UI might display one of the compartments. If it's not the correct compartment, then select the correct one from the drop-down list. Once you're in the correct compartment, click into the Domain for that compartment.
- Click Integrated applications and then click the Add application button.
- On the Add Application page, click Confidential Application and then launch the workflow.
- In the Add application details step of the Add Confidential Application wizard, enter information in the Name and Description fields. These fields are used only to identify the Confidential Application in IDCS -- they don't appear outside of IDCS. For example, they don't appear in the Oracle Sales app.
- Click Next.
- In the Configure OAuth step, in Client configuration, click the Configure this application as a client now option.
- In the Allowed Grant Types options list, select these options:
- Refresh Token
- Authorization Code
- Select the Allow non-HTTPS URLs option.
- In the Redirect URL field, enter <host URL>/crmUI/o365nextgen/web/faTokenRedirect.html?authType=oAuth
- In Token Issuance Policy, select Specific for Authorized Resources, and then select Add resources. In Resources, click Add Scope.
- In the Add scope drawer, search for and select Oracle Application Cloud (Fusion) from the list of resources. Click Add. Note: If Oracle Application Cloud (Fusion) isn't available, then look for Fusion Applications Cloud Service instead.
- Record the Scope value of the resource you added.
- Click Next.
- In the Configure policy step, select Skip and do later.
- Click Finish. The add-in application is added in a deactivated state.
- Record the Client ID and Client Secret that appear in the General Information section. The Client ID and Client Secret are equivalent to credentials (like a User ID and password combination) that your application uses to communicate with IDCS.
- At page level, click Activate.
- In the Activate application dialog box, click Activate application.
For more information about IDCS, see the Oracle Identity Cloud Service - Get Started page on Oracle Help Center.
Associate the Confidential Application with the Add-In
Here's how you use Setup and Maintenance to associate the Identity Cloud Service Confidential Application with the add-in:
- In the Sales application, sign in as an administrator. Open the navigator menu, and click Setup and Maintenance.
- In the Setup and Maintenance work area, click the Tasks side panel icon and then click the Search link.
- Search for and select the Manage CX Cloud Mobile OAuth Configuration task.
- In the Identity Cloud Service Host Name field, enter your Identity Cloud Service host.
- Select Oracle Sales for Outlook and then add the Client ID and the Client Secret for the add-in.
- Click Save.
When OAuth authentication tokens are enabled, the add-in reads the OAuth parameters when the user signs in. The next time the user closes and restarts the add-in, or the current session expires, the add-in prompts them to sign in again. After this second sign-in, the OAuth authentication starts, and from then on the user stays signed in to the add-in, as long as they use the add-in at least once during the validity period of the refresh token configured in Oracle Identity Cloud Service.
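The sign-in behavior described above can be modeled to see how a given refresh token validity affects users with different usage patterns. This is an added example, not Oracle code: the function name, the sample dates, and the 7-day validity are constructed, and it assumes that each use within the validity period renews the refresh token and that an expired refresh token costs the user exactly one new sign-in.

```python
from datetime import datetime, timedelta


def sign_in_prompts(launches, refresh_validity):
    """Return (time, reason) for every launch that shows a sign-in prompt.

    launches: sorted datetimes at which the add-in is restarted or its
              session has expired.
    refresh_validity: timedelta for the refresh token expiry set in IDCS.
    Assumption (not stated by Oracle): each silent refresh renews the
    refresh token, so the validity window slides with every use.
    """
    prompts = []
    oauth_params_read = False  # becomes True at the first sign-in
    refresh_expires = None     # unset until the OAuth sign-in has happened
    for t in launches:
        if not oauth_params_read:
            # First sign-in: the add-in only reads the OAuth parameters.
            prompts.append((t, "initial sign-in"))
            oauth_params_read = True
        elif refresh_expires is None:
            # Second sign-in: OAuth authentication starts here.
            prompts.append((t, "OAuth sign-in"))
            refresh_expires = t + refresh_validity
        elif t <= refresh_expires:
            # Used within the validity period: no prompt, window slides.
            refresh_expires = t + refresh_validity
        else:
            # Idle longer than the refresh token validity: sign in again.
            prompts.append((t, "refresh token expired"))
            refresh_expires = t + refresh_validity
    return prompts


if __name__ == "__main__":
    # Constructed sample: launches on days 0, 1, 3, 9, 20 and 21,
    # with a 7-day refresh token validity.
    start = datetime(2024, 1, 1)
    launches = [start + timedelta(days=d) for d in (0, 1, 3, 9, 20, 21)]
    for when, reason in sign_in_prompts(launches, timedelta(days=7)):
        print(when.date(), reason)
```

A shorter validity period narrows the idle gap a user can take before being prompted again, which is the trade-off to weigh against the company's policy when setting the refresh token expiry.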