Oracle Fusion Data Intelligence

Welcome to the Oracle Analytics Online Forum!

We're thrilled to have you join our community of analytics enthusiasts and professionals. To enhance your experience and foster meaningful interactions, we encourage you to personalize your profile by setting up a display name and uploading a profile picture. Your display name will be how others recognize and engage with you in discussions, while a profile picture adds a personal touch to your forum presence.

Take a moment to update your profile with a display name and an image representing you. Let's create a vibrant and engaging community together!

SSO for FAW - what is the 'GroupName' in documentation.

Accepted answer
108
Views
10
Comments
User_L2TQS
User_L2TQS ✭✭✭

What should be the "GroupName" while setting up SSO for FAW as per Scenario#2:

Use the Oracle Cloud Infrastructure Console and add these policies to enable users from the identity domain associated with Oracle Fusion Cloud Applications to access the Oracle Fusion Analytics Warehouse compartments:

Allow group '<DomainName>'/'<GroupName>' to manage analytics-warehouses in 
      tenancy
      Allow group '<DomainName>'/'<GroupName>' to manage
        analytics-instances in 
      tenancy
      Allow group '<DomainName>'/'<GroupName>' to manage
        autonomous-database-family 
      in tenancy
      Allow group '<DomainName>'/'<GroupName>' to manage all-resources
        in 
      compartment <compartment name>

Tagged:

Best Answers

  • Sumanth V -Oracle
    Sumanth V -Oracle ✭✭✭✭✭
    Answer ✓

    @User_L2TQS - It should have all users who would be logging into applications (Fusion and FAW). The access can be controlled later as part of authorization assigning them specific application roles based on the requirement.

  • RajeshPolavarapu-Oracle
    Answer ✓

    Hi @User_L2TQS

    The above policies are not for enabling SSO. Those policies are given to a group members who can manage FAW instances and it's associated OAC, ADW instances with in OCI tenancy.

    In short those users in a group whom you are allowing can create,manage,delete FDIP/FAW instances in OCI.

    SSO should work by default between your Fusion Applications and Fusion Data Intelligence as they share same identity domain in same OCI tenancy.

    If SSO is not working, you can raise support ticket to go through the configuration of your IdP and SSO policies with in your Identity domain.

    Thanks.

Answers

  • Sumanth V -Oracle
    Sumanth V -Oracle ✭✭✭✭✭

    @User_L2TQS - Please provide the Group Name created in the IAM domain which has been created in order to manage the security of Fusion applications.

    <GroupName> is the name of the group you want to grant permissions to.

    Once the permissions is provided to the group all the users within the group inherit the assigned permissions automatically.

  • User_L2TQS
    User_L2TQS ✭✭✭

    so ideally this group would contain all users logging into applications (Fusion and FAW) or only admin?

  • @User_L2TQS As per policies granted to the group, the members of this group will FDI Admin Users. Please refer https://docs.oracle.com/en/cloud/saas/analytics/24r2/fawag/add-users-administrator-permissions.html

    Regards,
    Bala.

  • User_L2TQS
    User_L2TQS ✭✭✭
    edited June 25

    @BalagurunathanBagavathy-Oracle if the group should only have Admin user, how does these policies help all FDI users to use SSO login?

    It is confusing to understand what this step actually does in the background to enable SSO access to FAW for users. @Sumanth V -Oracle please can you clarify further.

  • Sumanth V -Oracle
    Sumanth V -Oracle ✭✭✭✭✭

    @BalagurunathanBagavathy-Oracle - Thanks for the update, but the document states below:

    Add policies to grant the non-administrator user permission to create an autonomous data warehouse (ADW) and Oracle Analytics Cloud in the compartment that you created, for example, FAWServicesCompartment. Ensure that the compartment in which you grant the manage ADW and Oracle Analytics Cloud permissions is the same as the compartment in which the non-administrator user has a manage permission for Oracle Fusion Data Intelligence instances.

    As per design one can use only one ADW and the polices are at OCI level and users will be able to manipulate if and only if they have access to OCI console.

  • @Sumanth V -Oracle These policies are only required for those users that need to administrate FDI and its associated OAC and ADW in the tenancy. As per scenario# 2, both Fusion Applications and FDI are associated with the same identity domain within the same cloud tenancy. So, the SSO is already taken care. Does this clarify?

  • Sumanth V -Oracle
    Sumanth V -Oracle ✭✭✭✭✭

    @BalagurunathanBagavathy-Oracle - Yes. Thanks for the clarification.

    @User_L2TQS - Please change the accepted answer the correct one so that it helps the other users referring the thread. Thank you!

  • User_L2TQS
    User_L2TQS ✭✭✭

    @Sumanth V -Oracle Can you please summarize why this step is necessary for enabling SSO? In Scenario#2 -

    Allow group '<DomainName>'/'<GroupName>' to manage analytics-warehouses in 
          tenancy
          Allow group '<DomainName>'/'<GroupName>' to manage
            analytics-instances in 
          tenancy
          Allow group '<DomainName>'/'<GroupName>' to manage
            autonomous-database-family 
          in tenancy
          Allow group '<DomainName>'/'<GroupName>' to manage all-resources
            in 
          compartment <compartment name>