This document summarizes a single sign-on user flow for a kiosk and mobile web clock application. It involves multiple layers including a network layer, presentation layer, web services layer, and data layer. The presentation layer is protected by an Oracle WebGate that will send successfully authenticated users to terms and conditions for the web clock application. The user is identified by their 10-digit enterprise ID after translation from their network account by an API web service. The data is accessed from WebLogic application servers through a reverse proxy on Apache web servers.