Oracle Fusion Data Intelligence

Welcome to the Oracle Analytics Online Forum!

We're thrilled to have you join our community of analytics enthusiasts and professionals. To enhance your experience and foster meaningful interactions, we encourage you to personalize your profile by setting up a display name and uploading a profile picture. Your display name will be how others recognize and engage with you in discussions, while a profile picture adds a personal touch to your forum presence.

Take a moment to update your profile with a display name and an image representing you. Let's create a vibrant and engaging community together!

Can FAW instance be created without enabling SSO, and later SSO be enabled successfully?

Accepted answer
153
Views
8
Comments
User_L2TQS
User_L2TQS ✭✭✭

Tagged:

Best Answer

  • Ravi Guddanti-Oracle
    Answer ✓

    It won't complicate anything, in order to ensure the provisioning process runs smoothly verify that the user initiating the provisioning exists within the specified domain and is able to login using the local authentication (not the SSO as it hasn't been setup yet). Once the provisioning is completed, at a later point in time, you can configure the SSO setup just as documented in the blog. Download the pdf file from the blog, which has stepby-step instructions on configuring the SSO. The steps within the individual sections remain the same.

Answers

  • Yes, SSO can be enabled after the instance has been provisioned. Reference

    blog post for additional information on setting up SSO.

  • User_L2TQS
    User_L2TQS ✭✭✭

    The document says "You must set up single sign-on before you create your FAW instance. The steps depend on the following scenarios:"

    So this is just a recommendation? Will it complicate anything if done later or the steps remain the same i.e. "Create the following OCI policy to enable a specific group of users to create and
    manage the FAW instances on the tenancy"

  • User_L2TQS
    User_L2TQS ✭✭✭

    @Ravi Guddanti-Oracle I have been looking for clarification on this. in the document it says -

    "Create the following OCI policy to enable a specific group of users to create and
    manage the FAW instances on the tenancy:

    Allow group ''/'' to manage analytics-warehouses in
    tenancy
    Allow group ''/'' to manage analytics-instances in tenancy
    Allow group ''/'' to manage autonomous-database-family
    in tenancy

    "

    What should be this specific group of users? Should we create a group for all users who request access to FAW and then add policies for this group?

    Looks like this policy allows this group to do much more than use SSO. what exactly is happening when we allow this policy?

    Thanks for addressing my questions.

  • These specific policies should be assigned to only those users who are designated to create and manage Fusion Analytics instances in the tenancy. This must not be assigned to all users who request access to Fusion Analytics application. These policies allow users to view and manage the Fusion Analytics instance and its associated OAC and ADW instances in the tenancy. Hope this clarifies.

  • User_L2TQS
    User_L2TQS ✭✭✭

    Hi @Ravi Guddanti-Oracle this makes sense. But can you clarify further - how in background does this step enable all users to use SSO access to FAW? I see for scenario#2 , this is the only step mentioned for enabling SSO.

  • @User_L2TQS As @Ravi Guddanti-Oracle mentioned, these policies are only required for those users that need to administrate FDI and its associated OAC and ADW in the tenancy. As per scenario# 2, both Fusion Applications and FDI are associated with the same identity domain within the same cloud tenancy. So, the SSO is already taken care.

    @Ravi Guddanti-Oracle Please correct me if I am missing something.

  • User_L2TQS
    User_L2TQS ✭✭✭

    @BalagurunathanBagavathy-Oracle Makes sense. But I am still not sure why is this step to add policy mentioned in the SSO document Scenario#2 ?