Regardless of the sign-in flow, the user must have network connectivity to Oracle E-Business Suite for the app to connect. For example, if users are required to VPN in or connect to a LAN before they can access Oracle E-Business Suite they will need to do so before launching the app.
Standard sign in (local)
This flow uses the standard Oracle E-Business Suite Application Users (FND Users) as its identity store. It re-uses the same session management that is used by standard Oracle functionality, such as Oracle Application Framework (OAF) pages. The login process varies based on the device being used and, if it's a mobile device, whether the user is signing in to the native app or the web app (using a mobile web browser such as Safari).
Signing in on desktop and mobile web using AppsLocalLogin.jsp
When using the desktop or the web app, most users connect to Oracle by navigating to the AppsLogin servlet (/OA_HTML/AppsLogin). This is typically bookmarked, or linked to from an Intranet page.
For example:
- Navigate to my intranet
- Click on the link to Oracle E-Business Suite
- This connects to the AppsLogin servlet
- This redirects to AppsLocalLogin.jsp for local login
- The user enters their username and password
- Oracle E-Business Suite issues a login cookie
- The user accesses the app. Either automatically through the Start Page profile option, or by selecting a function on a responsibility.
- The app uses the same login cookie for authentication, so works as expected. If two-factor authentication is enabled, the user will additionally be required to enter a token.
Signing in on the native app
When using the native app, the flow is slightly different:
- The user launches the native app
- If this is the first launch, it may show a Connect screen prompting the user for their Company Name or Email Address. This is not required if the app already embeds the hostname.
- The app then connects to E-Business Suite
- It shows the apps built-in login page
- The user enters their username and password and submits the login page
- The Applaud REST API interacts with Oracle's session management and issues a login cookie
- The user uses the app as if they had logged in through AppsLocalLogin.jsp
- If the user is required to log in using two-factor authentication, they will additionally be required to enter a token.
Signing in on desktop and mobile web using the apps built-in login page
As an alternative to using AppsLocalLogin.jsp, you may prefer that all or some of your users sign in using the app's built-in login page. You might do this if your users only use Applaud software, or if you prefer the branding and features of the app's built-in login page. You would do this by publishing a different URL to your user communities, for example:
https://ebs.mycompany.com/OA_HTML/a/#/person-home
This sign-in flow is similar to the native app:
- The user launches their web browser and navigates to the login URL
- The person-home is a secured page and requires authentication, so the app displays the built-in login page
- The user enters their username and password and submits the login page
- The Applaud REST API interacts with Oracle's session management and issues a login cookie
- The user uses the app as if they had logged in through AppsLocalLogin.jsp. If the user is required to use two-factor authentication, they will additionally have to enter a token.
- If a user then navigates to other standard Oracle functionality, such as the Oracle Applications Home Page, an Oracle Applications Framework page, or into Professional forms they will not need to sign in again
Sign in using biometric authentication (local only)
Biometric authentication allows users to log in to the native app using their face or fingerprint.
This feature is currently available on iOS devices that support Face ID or Touch ID.
This feature is not available when using Single Sign-On configurations.
This flow is similar to the native app sign-in flow. The flow varies based on whether biometric authentication has been set up or not.
Face ID or Touch ID has not been setup
- The user launches the native app
- If this is the first launch, it may show a Connect screen prompting the user for their Company Name or Email Address. This is not required if the app already embeds the hostname.
- The app then connects to E-Business Suite
- It shows the apps built-in login page
- The user enters their username and password and submits the login page
- The Applaud REST API interacts with Oracle's session management and issues a login cookie
- The user uses the app as if they had logged in through AppsLocalLogin.jsp. If they are required to use two-factor authentication, they will also have to enter a token.
- If the device supports Face ID or Touch ID, the app prompts the user to set that up
- The user's credentials are stored in their iOS Key Chain
Face ID or Touch ID has been setup
- The user launches the native app
- The app connects to E-Business Suite
- It shows the apps built-in login page and prompts for Face ID or Touch ID authentication
- The user authenticates by looking at the device (Face ID) or by touching the Home button (Touch ID)
- The app retrieves the encrypted credentials from the iOS Key Chain and submits the login form automatically
- The Applaud REST API interacts with Oracle's session management and issues a login cookie
- The user uses the app as if they had logged in through AppsLocalLogin.jsp. If they are required to use two-factor authentication, they will also have to enter a token.
If the user's password changes or expires, they will be required to sign in manually so that biometric authentication can be updated with the new credentials.
Biometric authentication can be disabled by setting the profile option XXAS: Allow Biometric Authentication to No at the Site level.
Single sign-on (SSO)
The app also supports Single Sign-On configurations that are supported by Oracle. For more information about using Single sign-on, please see Single sign-on.
Biometric authentication is not supported in Single Sign-On configurations.
Two-factor authentication (2FA)
The app supports two-factor authentication regardless of your sign-in/outflows. For more information about 2FA, please refer to Two-factor authentication (2FA).