Categories
- All Categories
- 75 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14K Oracle Analytics Forums
- 5.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 40 Oracle Analytics Trainings
- 59 Oracle Analytics Data Visualizations
- 2 Oracle Analytics Data Visualizations Challenge
- 3 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
Using SSO connection with On Prem Essbase
We created a connection to our Essbase source using the BI Admin tool (rpd) and were able to successfully create a subject area and build visualizations within OAC. To create the Essbase connection we used our ADMIN credentials that has access to all data.
Our security requirement is that we need to use Essbase user data security.
The essbase Active Directory is completely separate from our OAC login directory so there is no way to quickly use the SSO option within the BI Admin tool.
Is it even possible to use the SSO option in the tool to use user credentials rather than the ADMIN credentials if the two logins are completely different. Has anyone found a workaround for this issue? Is it possible to have a pop up box appear like when you use the direct connection to Essbase.
Best Answer
-
If you create a dv > connection to essbase (instead of using rpd) the following option exists:
- Require users to enter their own credentials - Oracle Analytics prompts users to enter their own user name and password for the data source. Users can only access the data for which they have the permissions, privileges, and role assignments.
However note that these users must be non-federated users in essbase.
If you want to use the sso option, the user must exist in same format in both oac idp and essbase idp (meaning if in oac user is abc@oracle.com, essbase user format should also be abc@oracle.com, password are not checked). When using SSO option the admin users credential is used to impersonate as the logged in user. As long as admin credentials are valid and username format matches, essbase should be able to impersonate.
The recommended approach is of course to use same idp for both the applications.
0
Answers
-
Based on the details provided, it appears that Essbase and OAC are configured to use two distinct Identity Providers (IdPs), which makes Single Sign-On (SSO) unfeasible in this scenario.
When SSO is enabled, every time a user in OAC initiates a request, the user’s credentials are verified by OAC's configured IdP. If the IdP in Essbase is different from OAC’s, the authentication attempt will fail, resulting in errors.
For SSO to function correctly, both Essbase and OAC must be integrated with the same Identity Provider. This alignment ensures that user authentication is successful and any data-level security policies defined for the shared environment will be properly enforced.
0