1. Implementing Sourcing
  2. Single Sign-On (SSO)

Single Sign-On (SSO)

Sourcing supports Single Sign-On (SSO) as an option for a customers' employees to gain access to the application from within their network without the need for credentials. This means an SSO process for employees to access Sourcing from the customers' network, not SSO between Sourcing and other applications.

Customers can select one of six values to automatically populate the SSOID with data from the Employee Connector from Recruiting. The chosen value from Recruiting will populate or re-map the SSOID in Sourcing. This allows easier deployment of Single Sign-On, and more choices in implementation.

Customers must choose a single value from the following list of six:

  • Email

  • Personal Email Address

  • Corporate Email Address

  • SmartOrg Username

  • Candidate Username

  • Employee ID

Additional implementation by Oracle is required to implement the above so please create a Service Request and contact your Oracle services or support representative for details.

Another setting, SSO Exit URL, allows Administrators to enter a configurable Exit URL. Employees who are authenticated through SSO can be directed to a specific destination page via the Exit URL when they terminate their session. Using this configurable Exit URL also ensures that employees only use the site in the authenticated state.

Note: The SSO Exit URL setting accepts a single value which is applied to all users terminating sessions from SSO.

Native SSO

Native Single Sign-On (SSO) replaces the legacy SSO allowing the SSO flow directly into Sourcing. You'll need to make some configuration changes both in Sourcing as well as the Identity Provider (IDP) application on your infrastructure. 

To set up native SSO:

Begin in Sourcing:
  1. Navigate to Sourcing > Configuration > Security > SSO/SAML Settings (OIF).
  2. Confirm that the SSO Enabled setting is enabled.
  3. Confirm that the Legacy SSO setting is enabled.
  4. Contact your IDP Administrator and ask for your Metadata URL.
  5. In the IDP Metadata URL setting, enter the Metadata URL given to you by your IDP Administrator. If a valid URL is entered, the metadata will appear in the IDP Metadata setting. You can manually enter or edit the metadata in this setting as needed.
  6. Click Generate SP Metadata in the SP Metadata setting. An XML file with Service Provider (SP) metadata for the Sourcing application will be downloaded. Note that this SP Metadata is specific to each zone. Separate SP Metadata needs to be generated for staging and production zones.

    Now in your IDP application:

  7. The SP Metadata xml file from Step 6 above must be uploaded to the IDP.  Please contact your IDP Administrator as needed.

    If the SSO Administrator adds a new federation to the customer’s IDP, then the SSO remains operable until the cutover is made in Step 9.

    If the SSO Administrator replaces the federation on the customer’s IDP with a new one, then the SSO becomes inoperable until the cutover is made in Step 9.

  8. Your IDP-initiated SSO URL needs to reference the new federations created in Step 9. This URL string for the modification comes from your IDP.
    Note: This step, Step 8, is only applicable if you have an IDP-initiated flow from your Internet Service Provider (ISP) to Sourcing. If you have only an ISP-initiated flow from your IDP to Sourcing, you can skip this step. Please contact your SSO Administrator for information if you need to understand the difference between these two.

    Lastly, back to Sourcing:

  9. Disable the Legacy SSO setting. You're all set. Once you disable the Legacy SSO, you'll be using your newly configured Native SSO.