Automatic OTP retrieval via SAML SSO

According to Zatca documentation, It’s possible to automatically obtain the OTP by having the taxpayer login using SAML SSO

But no documentation was provided on the SAML Idp to use to achieve such a flow.

I have also emailed

  • E-invoicing@zatca.gov.sa
  • sp_support@zatca.gov.sa

But did not receive any reply.

Dear @ahmednfwela

Thanks for reaching out, Welcome to our community.

Please find our below response:

Regarding OTP, you can do this through the below portals:

1- Zatca fatoora simulation portal: which is for getting the OTP for simulation environment, you can login use the TIN number and password (If you are solution provider you can ask RM to have it).
After login you can navigate to (Onboard New Solution Unit) and generate the number you want for OTP from simulation environment.

2- هيئة الزكاة والضريبة والجمارك fatoora portal: which is for getting the OTP for production environment, you can login use the TIN number and password (If you are solution provider you can ask RM to have it).
After login you can navigate to (Onboard New Solution Unit) and generate the number you want for OTP from simulation environment.

Note: Please note that the OTP will be available for 1 hr after being generated, after that it will be expired, and you will need to get new one.

Additionally: you can navigate to (API Documentation) that showing the end points you need to follow in order to ensure successfully onboarding even for simulation or production environments, our recommendation is to start with simulation after ensuring successfully integrated you can proceed with the production env.

For any further concerns, please do not hesitate to reach out.

Thanks,
Ibrahem Daoud.

Dear @idaoud
thanks for the prompt response,

however what you mentioned here is still the manual flow, where each taxpayer has to login manually and navigate through the portal to generate the otp
and then they would have to copy paste it into our solution manually.

The image I referenced however, mentioned a different flow where the user only needs to login, and the solution provider can get the otp via a redirect flow

Dear @ahmednfwela

Thanks for reaching out,

Please note that receiving OTP is just one time process for each device you want to onboard, you do not need to obtain new OTP while sending your actual invoices, You only need it at the first step in the onboarding process to get the CCSID.

The provided image clarifying the process to get the CCSID, mentioning that the OTP obtained manually.

It’s process from your side to ensure that the obtained OTP is used in your solution correctly based on the right environment you want to integrate with even if it’s (Simulation, or Production)

Thanks,
Ibrahem Daoud.

Dear @idaoud

Thanks for your reply,

Would you please explain to me the difference between these 2 flows

2 Likes