Getting Started

Single sign-on (SSO) makes it easier for customers to access their energy usage details by allowing them to use their utility web application user name and password to gain access. Customers can log into their utility website and then navigate to the Energy Efficiency Web Portal without creating an additional account. If customers attempt to access the Energy Efficiency Web Portal and are not currently logged into the utility website, they are automatically directed to the utility website to sign in, and then are returned to the content they were trying to view.

Note: While this documentation refers to the Energy Efficiency Web Portal, the SSO configuration information also applies to Digital Self Service - Energy Management, except where explicitly noted. For more information about the features and requirements of Digital Self Service - Energy Management, see the Oracle Utilities Opower Digital Self Service - Energy Management Cloud Service Product Overview.

Refer to General SAML Requirements and General OpenID Connect Requirements below for information on SSO configurations with SAML or OpenID Connect. Utilities also have the option of implementing SAML-based single logout (SLO) with Oracle Utilities. When SLO is implemented, and a customer logs out of the Energy Efficiency Web Portal or the utility website, the customer is automatically logged out of both sites. See SAML Single Logout (SLO) Configuration for more information.

General SAML Requirements

Oracle Utilities supports Security Assertion Markup Language (SAML) 2.0 to implement SSO with utilities. The use of SAML for SSO is for standalone web implementations only. If new versions are announced, Oracle Utilities will work to incorporate support for the latest SAML versions.

A utility's Oracle Cloud Infrastructure Identity and Access Management environment acts as the Service Provider (SP) and the utility acts as the Identity Provider (IdP). This means that customers log in on the utility website using their user name and password for the utility website. Customers can then access the Energy Efficiency Web Portal without having to log in again.

General OpenID Connect Requirements

Oracle Utilities supports the OpenID Connect protocol to authenticate users that interact with Oracle Utilities embedded widgets that are integrated using custom elements. OpenID Connect is built on top of the OAuth 2.0 authorization framework.

Note: For more information on integrating using custom elements, see the Oracle Utilities Opower Digital Self Service - Energy Management Embeddable Widgets Integration Guide.

The utility website acts as the Relying Party (RP) and must integrate with an OpenID Connect Provider. With this SSO implementation, customers can log in on the utility website and access embedded widgets without having to log in again. For more information on implementing SSO with OpenID Connect, refer to OpenID Connect Single Sign-On (SSO) Configuration.

Important: SLO implementation for OpenID Connect is configured between the RP and OpenID Connect Provider, and thus information on configuring OpenID Connect SLO or testing SLO are out of scope of this documentation. In general, when the RP website requests a customer logout, a redirect to an OpenID Connect Provider endpoint can complete the customer logout.