Can FAW instance be created without enabling SSO, and later SSO be enabled successfully?
Best Answer
-
It won't complicate anything. To ensure the provisioning process runs smoothly, verify that the user initiating the provisioning exists within the specified domain and is able to log in using the local authentication (not the SSO, as it hasn't been set up yet). Once the provisioning is completed, at a later point in time, you can configure the SSO setup just as documented in the blog. Download the PDF file from the blog, which has step-by-step instructions on configuring the SSO. The steps within the individual sections remain the same.
1
Answers
-
Yes, SSO can be enabled after the instance has been provisioned. Reference blog post for additional information on setting up SSO.
0 -
The document says "You must set up single sign-on before you create your FAW instance. The steps depend on the following scenarios:"
So this is just a recommendation? Will it complicate anything if done later or the steps remain the same i.e. "Create the following OCI policy to enable a specific group of users to create and manage the FAW instances on the tenancy"
0 -
@Ravi Guddanti-Oracle I have been looking for clarification on this. In the document it says -
"Create the following OCI policy to enable a specific group of users to create and manage the FAW instances on the tenancy:
Allow group ''/'' to manage analytics-warehouses in tenancy
Allow group ''/'' to manage analytics-instances in tenancy
Allow group ''/'' to manage autonomous-database-family in tenancy"
What should be this specific group of users? Should we create a group for all users who request access to FAW and then add policies for this group?
Looks like this policy allows this group to do much more than use SSO. What exactly is happening when we allow this policy?
Thanks for addressing my questions.
0 -
These specific policies should be assigned to only those users who are designated to create and manage Fusion Analytics instances in the tenancy. This must not be assigned to all users who request access to Fusion Analytics application. These policies allow users to view and manage the Fusion Analytics instance and its associated OAC and ADW instances in the tenancy. Hope this clarifies.
0 -
Hi @Ravi Guddanti-Oracle, this makes sense. But can you clarify further - how in the background does this step enable all users to use SSO access to FAW? I see for scenario #2, this is the only step mentioned for enabling SSO.
0 -
@User_L2TQS As @Ravi Guddanti-Oracle mentioned, these policies are only required for those users that need to administrate FDI and its associated OAC and ADW in the tenancy. As per scenario #2, both Fusion Applications and FDI are associated with the same identity domain within the same cloud tenancy. So, the SSO is already taken care of.
@Ravi Guddanti-Oracle Please correct me if I am missing something.
0 -
@BalagurunathanBagavathy-Oracle Makes sense. But I am still not sure why this step to add policy is mentioned in the SSO document Scenario #2?
0
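
An added example, not part of the thread or of Oracle's documentation: a small Python check that parses OCI policy statements of the form quoted above and lists every group, other than the approved administrators, that holds manage on the Fusion Analytics resource types. The domain name, group names and approved set are constructed placeholders, and the catch-all all-resources type is included here as an assumption about what a reviewer would also want flagged.

```python
import re

# Resource types from the FAW policy quoted in the thread, plus OCI's
# catch-all "all-resources" (added here; it covers the other three).
FAW_ADMIN_RESOURCES = {"analytics-warehouses", "analytics-instances",
                       "autonomous-database-family", "all-resources"}

# Allow group <subject> to <verb> <resource-type> in <location>
STATEMENT_RE = re.compile(
    r"^allow\s+group\s+(?P<groups>.+?)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<location>tenancy|compartment\s+(?:id\s+)?\S+)",
    re.IGNORECASE)

def parse_statement(statement):
    """Parse one group statement; returns None for anything else."""
    m = STATEMENT_RE.match(" ".join(statement.split()))  # undo line wrapping
    if m is None:
        return None
    # 'Domain'/'Group' -> Domain/Group; a statement may list several groups.
    groups = [g.strip().replace("'", "") for g in m.group("groups").split(",")]
    return {"groups": groups, "verb": m.group("verb").lower(),
            "resource": m.group("resource").lower(),
            "location": m.group("location").lower()}

def audit(statements, approved_admin_groups):
    """Return manage grants on FAW resources held by non-approved groups."""
    findings = []
    for statement in statements:
        parsed = parse_statement(statement)
        if parsed is None:
            findings.append(("unparsed", " ".join(statement.split())))
            continue
        if parsed["verb"] != "manage" or parsed["resource"] not in FAW_ADMIN_RESOURCES:
            continue
        for group in parsed["groups"]:
            if group not in approved_admin_groups:
                findings.append(("unexpected-admin", group,
                                 parsed["resource"], parsed["location"]))
    return findings

# Constructed sample policy: domain and group names are placeholders.
SAMPLE_POLICY = [
    "Allow group 'Default'/'FAW_Admins' to manage analytics-warehouses in tenancy",
    "Allow group 'Default'/'FAW_Admins' to manage analytics-instances in tenancy",
    "Allow group 'Default'/'FAW_Admins' to manage autonomous-database-family\n in tenancy",
    "Allow group 'Default'/'FAW_All_Users' to manage analytics-instances in tenancy",
    "Allow group 'Default'/'FAW_All_Users' to read analytics-instances in tenancy",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY, {"Default/FAW_Admins"}):
        print(finding)
```

Statements that are not group grants come back as unparsed so they get a manual look instead of being skipped silently.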