SAML Single Sign-On (SSO) Configuration

There are two configurations for implementing SAML-based SSO with the Oracle Utilities Opower Energy Efficiency Web Portal. The first is single account SSO, in which customers only have access to one account with their utility. See SAML Attribute for Single Account SSO. The second is multiple account SSO, in which customers have access to one or more accounts with their utility and need the ability to switch between them. The main difference in supporting these scenarios is that the multiple account implementation requires additional data elements in the SAML assertion that is used in the authentication process. The multiple account SSO implementation option can support users who have a single account or multiple accounts, and is the recommended implementation option for all utilities. See SAML Attribute for Multiple Account SSO.

Utility Configuration Checklist

SSO relies on standards-based communication between a federation server managed by the utility and the server managed by Oracle Utilities. The following steps are required to set up and configure SSO for single or multiple account SSO.

  1. Set up two SAML 2.0 Identity Provider federated servers: Stage and Production. Also set up authentication services for Stage and Production.
  2. Oracle Cloud Infrastructure Identity and Access Management (IAM) domains must be configured prior to implementation. Be aware that Oracle Utilities representatives will access these domains to assist with configuration. This access requires Oracle Utilities to create accounts for the domain, and email notifications are sent to the domain administrator when these accounts are created.
  3. Provide Oracle Utilities with SAML metadata to connect to these servers.
  4. Provide Oracle Utilities with test login accounts for end-to-end testing on these servers. If necessary, provide Oracle Utilities with VPN access to the Stage login page. If your test site is behind a firewall, ensure that you add the Oracle Utilities IP address to your allowlist. Contact your Delivery Team to retrieve the Oracle Utilities IP address value.