The app supports all types of single sign-on architectures supported by Oracle. Please refer to the My Oracle Support article Overview of Single Sign-On Integration Options for Oracle E-Business Suite (Doc ID 1388152.1) for information on Oracle-supported integration options.
Biometric authentication, such as Face ID or Touch ID on iOS, is not available when using Single Sign-On configurations.
In most cases, the configuration of the app for single sign-on is straightforward once you have enabled Oracle E-Business Suite for single sign-on. Once configured, the sign-in process works as described below.
On desktop and mobile web
When using the desktop or the web app, most users connect to Oracle by navigating to the AppsLogin servlet (/OA_HTML/AppsLogin). This is typically bookmarked or linked to from an intranet page.
For example:
- Navigate to my intranet
- Click on the link to Oracle E-Business Suite
- This connects to the AppsLogin servlet
- This redirects to the Single Sign-on server for authorization
- The Single Sign-on server requests a username or password or transparently authenticates using something like Kerberos
- When authenticated, the Single Sign-on server redirects back to Oracle E-Business Suite, which issues a login cookie
- The user accesses the app, either automatically through the Start Page profile option or by selecting a function on a responsibility
- The app uses the same login cookie for authentication, so it works as expected.
- If the user is required to use two-factor authentication, they will additionally have to enter a token.
On native apps
When using the native app, the flow is slightly different:
- The user launches the native app
- If this is the first launch, it may show a Connect screen prompting the user for their Company Name or Email Address. This is not required if the app already embeds the hostname.
- The app then connects to E-Business Suite
- It recognizes that Single Sign-on is enabled, so it redirects the user to the Single Sign-on server for authorization in the native app's embedded web browser (web view)
- The Single Sign-on server requests a username or password or transparently authenticates using something like Kerberos
- When authenticated, the Single Sign-on server redirects back to the app, which issues a login cookie
- If the user is required to use two-factor authentication, they will additionally have to enter a token
- The user uses the app
On the native app, the user must have network connectivity to the single sign-on server; otherwise, they won't be able to log in.
Consider that Kerberos single sign-on is usually only configured to work on Windows-based desktop computers and not on mobile devices. You may need to re-configure your Single Sign-on approach to allow connectivity from a mobile device.
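To see which hosts a mobile device must be able to reach, the redirect chain that starts at the AppsLogin servlet can be walked by hand and summarized. This is an added example, not vendor code: the hosts ebs.example.com and sso.example.com and the sample chain are constructed, and it assumes the single sign-on hand-off shows up as an HTTP redirect to a different host.

```python
import http.client
from urllib.parse import urljoin, urlsplit

LOGIN_PATH = "/OA_HTML/AppsLogin"   # servlet path named on this page
REDIRECTS = (301, 302, 303, 307, 308)

def trace(start_url, max_hops=10, timeout=10):
    """Follow redirects by hand (no cookies, no credentials sent).
    Returns [(url, status), ...], ending at the first non-redirect."""
    hops, url = [], start_url
    for _ in range(max_hops):
        p = urlsplit(url)
        cls = (http.client.HTTPSConnection if p.scheme == "https"
               else http.client.HTTPConnection)
        conn = cls(p.netloc, timeout=timeout)
        try:
            conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)   # Location may be relative
    return hops

def summarize(hops):
    """Hosts the device must reach, hosts other than the starting one
    (the SSO side), and any hop served over plain HTTP."""
    ebs_host = urlsplit(hops[0][0]).hostname
    hosts = []
    for url, _ in hops:
        host = urlsplit(url).hostname
        if host not in hosts:
            hosts.append(host)
    return {
        "must_reach": hosts,
        "sso_hosts": [h for h in hosts if h != ebs_host],
        "plain_http_hops": [u for u, _ in hops if urlsplit(u).scheme != "https"],
    }

# Constructed sample chain (hypothetical hosts), so this runs offline.
SAMPLE = [("https://ebs.example.com" + LOGIN_PATH, 302),
          ("http://sso.example.com/login?req=constructed", 200)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    # Live use: summarize(trace("https://<your-ebs-host>" + LOGIN_PATH))
```

Run the live trace from the network the mobile devices actually use; a host listed under must_reach that does not resolve or connect from there is where the native app sign-in will fail.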