Terminology

SSO

Single Sign-On (SSO) is an authentication approach that lets you access multiple applications using a single, trusted set of credentials. Instead of logging in separately to each app, you authenticate once with an identity provider, which issues tokens that downstream apps accept. This improves security (fewer passwords to manage, centralized policies) and enhances user experience by reducing login friction.

OP

Short for OpenID Provider. Refers to the identity management solution developed by Oracle Restaurants and in use since release 20.1. It is compliant with the industry standard OpenID Connect specification. Oracle Restaurants is replacing this solution with Oracle OCI IAM.

IdP

An identity provider (IdP) is a trusted system that authenticates and verifies your identity and issues secure assertions or tokens (for example, SAML, OIDC) about you. It centralizes login, enforces security policies like MFA, and maintains the authoritative user directory. In SSO, apps rely on the IdP's assertions instead of performing their own password checks.

Within a Simphony environment, the IdP is your SSO solution, such as Ping Federate, Okta, or Azure Entra ID.

SP

A service provider (SP) is the application or service you want to access, which delegates authentication to an external IdP. It validates the IdP's assertions/tokens and establishes a session based on that trusted information. In SSO, the SP consumes the IdP's claims to grant access without requiring a separate login.

Within a Simphony environment, the SP is Simphony Home (Reporting and Analytics, Frontline Manager, Delivery Connectors, Payments, and other cloud apps). When SSO is enabled, the Simphony cloud login page redirects you to the company's IdP to log in and then redirects you to Simphony Home.

OCI IAM and IDCS

Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) was previously known as Identity Cloud Service (IDCS). OCI IAM is Oracle's cloud service for controlling who can access OCI resources or Oracle applications, and what they can do. It provides user management; supports Single Sign-On with enterprise IdPs; and enables federation. In short, it centralizes secure authentication, helping organizations enforce security, compliance, and governance at scale.

Identity domain/Stripe

OCI IAM Identity Domains are isolated identity containers in Oracle Cloud for user management with dedicated settings and a lifecycle. Each domain has its own security configuration (for example, MFA, password policies), admin roles, branding, and integrations (SAML/OIDC), enabling strong tenant isolation and delegated administration. They support different use cases (workforce, B2B/B2C, app-specific) and can be created, customized, and governed independently within an OCI tenancy.

"Stripe" is the old name used with IDCS.

Oracle Restaurants is migrating all existing users from its OP database into an Identity Domain per enterprise. To leverage SSO, you need to provide your own identity domain so admins can configure federation for their IdP.

Federated People

Federated people authenticate through an external IdP. They do not have a password in OCI IAM and can only sign in through the IdP.

Non-Federated People

Non-federated people, sometimes called local users, exist in OCI IAM and can authenticate locally there. They can also sign in through the IdP if they exist in the IdP. Common examples include partners, external consultants, support users, and users from multiple franchisees who do not use your corporate SSO server.