Recommended SSO Implementation

The Manage SSO configuration user type permission is required (see Granting Permission to Manage Single Sign-On (SSO)).

It is recommended that you enable and test IdP initiated flows before enabling SP initiated flows. If both IdP and SP initiated flows are enabled at the same time, you run the risk of completely locking out users due to incorrect SSO configuration.

  1. Obtain the metadata file for the corporate Identity Provider from your IT department.
  2. Register the Identity Provider in Oracle Taleo Enterprise Edition.
    1. Decide which Service Providers (SmartOrg, career section or both) must be activated for this IdP.
    2. Initially activate just IdP initiated flows.
    3. Set up the exit and error URLs if necessary.
  3. Export the Service Provider metadata files from Oracle Taleo Enterprise Edition.
  4. Register the Service Providers in the IdP by importing the metadata files.
  5. Synchronize SmartOrg SSO user identity (either using TCC or manually).
  6. Test IdP initiated access to SmartOrg.
  7. Activate SSO in one or more career sections.
  8. Synchronize career section SSO identity (either using TCC or the career section SSO wizard).
  9. Test IdP initiated access to these career sections.
  10. Activate SP initiated flows for the IdP.
  11. Test SP initiated access to SmartOrg.
  12. Test SP initiated access to the career section.