Authentication
Authentication refers to the ways that a customer can access the Business Customer Engagement Digital Self Service - Energy Management web portal securely. The two methods available are single sign-on (SSO) and standalone account management. Each utility chooses which one of these to implement when launching the Oracle Utilities Opower program. In addition, some Customer Service Representatives may be able to access a business customer's web portal account to help them troubleshoot issues. The authentication method in place depends on each utility's setup and configuration.
Single Sign-On (SSO)
SSO allows business customers to use the same username and password to access the web portal and any other web applications provided by a utility. All usernames and passwords are created, maintained, and updated on the utility's web site. The method of SSO depends on the type of implementation (standalone or embedded) that is agreed upon between Oracle Utilities and the utility.
SSO for Standalone Implementations
For standalone implementations of the cloud service, Oracle Utilities uses Security Assertion Markup Language (SAML) 2.0 to implement SSO with utilities. Moreover, Oracle Utilities supports Identity Provider-Initiated and Service Provider-Initiated SSO using HTTP POST binding. As part of the SSO implementation process, the utility must provide a SAML metadata file and a SAML insertion with the required information. This allows Oracle Utilities to identify the customer and authenticate the request. See the Oracle Utilities Opower SSO Configuration Guide for details.
SSO for Embedded Widget Implementations
For embedded widget implementations of the cloud service, Oracle Utilities supports OpenID Connect-based SSO. In this case, the utility website acts as the Relying Party and must have an integrated authentication server that conforms to the OpenID Connect specification. See OpenID Connect Single Sign-On (SSO) Configuration for details.
SSO requires all authentication to be handled by the utility's website. After business customers have been authenticated using the utility website sign-in options, they have access to all features and pages of the Business Customer Engagement Digital Self Service - Energy Management cloud service. This can include individually hosted pages as well as content that has been embedded directly within the utility's website.
Note:
In cases where SSO credentials are maintained by the utility's web site, business customers cannot use the Account Center to change their login email or password.Standalone Authentication
Standalone account management requires business customers to create a new Business Customer Engagement Digital Self Service - Energy Management account (including a user name and password) that is separate from any other utility-provided web applications or accounts. When standalone account management is implemented, business customers can access the web portal by navigating directly to it and creating a new account once they get there.
Account Sign In and Sign Out
Business customers who have created their account can use their account email address and password to sign in from the landing page. A standard link is available throughout the web portal for signing out. By default, the session lasts for 30 minutes before timeout, at which point the customer is automatically signed out.
Password Reset
Note:
If a customer knows their password and wants to change it, they can use the Account Center rather than the password reset feature.