Oracle Fusion Data Intelligence


SSO for FAW - what is the 'GroupName' in documentation.

User_L2TQS
User_L2TQS Rank 4 - Community Specialist

What should be the "GroupName" while setting up SSO for FAW as per Scenario#2:

Use the Oracle Cloud Infrastructure Console and add these policies to enable users from the identity domain associated with Oracle Fusion Cloud Applications to access the Oracle Fusion Analytics Warehouse compartments:

Allow group '<DomainName>'/'<GroupName>' to manage analytics-warehouses in tenancy
Allow group '<DomainName>'/'<GroupName>' to manage analytics-instances in tenancy
Allow group '<DomainName>'/'<GroupName>' to manage autonomous-database-family in tenancy
Allow group '<DomainName>'/'<GroupName>' to manage all-resources in compartment <compartment name>


Best Answers

  • Sumanth V -Oracle
    Sumanth V -Oracle Rank 8 - Analytics Strategist
    Answer ✓

    @User_L2TQS - It should have all users who would be logging into applications (Fusion and FAW). The access can be controlled later as part of authorization assigning them specific application roles based on the requirement.

  • RajeshPolavarapu-Oracle
    RajeshPolavarapu-Oracle Rank 6 - Analytics Lead
    Answer ✓

    Hi @User_L2TQS

    The above policies are not for enabling SSO. Those policies are given to group members who can manage FAW instances and their associated OAC, ADW instances within the OCI tenancy.

    In short, those users in a group whom you are allowing can create, manage, delete FDIP/FAW instances in OCI.

    SSO should work by default between your Fusion Applications and Fusion Data Intelligence as they share the same identity domain in the same OCI tenancy.

    If SSO is not working, you can raise a support ticket to go through the configuration of your IdP and SSO policies within your identity domain.

    Thanks.
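
As an added illustration of the point made in the answers above (not code from the thread or from Oracle), this Python check parses OCI group policy statements and reports why each grant is administrative rather than SSO-related. The policy text is the one quoted in the question with its placeholders kept; the function names are hypothetical.

```python
import re

# The four statements quoted in the question, placeholders kept as-is.
POLICY = """\
Allow group '<DomainName>'/'<GroupName>' to manage analytics-warehouses in tenancy
Allow group '<DomainName>'/'<GroupName>' to manage analytics-instances in tenancy
Allow group '<DomainName>'/'<GroupName>' to manage autonomous-database-family in tenancy
Allow group '<DomainName>'/'<GroupName>' to manage all-resources in compartment <compartment name>
"""

# OCI policy verbs, from least to most privileged.
VERBS = ["inspect", "read", "use", "manage"]

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>.+?)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+.+?)\s*$",
    re.IGNORECASE,
)

def parse_statement(line):
    """Split one 'Allow group ... to <verb> <resource> in <scope>' statement."""
    m = STATEMENT.match(line.strip())
    if not m:
        raise ValueError(f"not a group policy statement: {line!r}")
    verb = m["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb: {verb!r}")
    return {"group": m["group"], "verb": verb,
            "resource": m["resource"].lower(),
            "scope": " ".join(m["scope"].split())}

def review(policy_text):
    """Return (statement, findings) pairs; findings say why a grant is administrative."""
    results = []
    for line in filter(str.strip, policy_text.splitlines()):
        s = parse_statement(line)
        findings = []
        if s["verb"] == "manage":
            findings.append("manage: members can create, change and delete " + s["resource"])
        if s["scope"].lower() == "tenancy":
            findings.append("scope is the whole tenancy, not one compartment")
        if s["resource"] == "all-resources":
            findings.append("all-resources: covers every resource type in scope")
        results.append((s, findings))
    return results

if __name__ == "__main__":
    for s, findings in review(POLICY):
        print(f"{s['group']}: {s['verb']} {s['resource']} in {s['scope']}")
        for f in findings:
            print("   -", f)
```

Every statement from the question yields at least two findings, which is why the group named in `<GroupName>` should hold only the people who administer the instances.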

Answers

  • Sumanth V -Oracle
    Sumanth V -Oracle Rank 8 - Analytics Strategist

    @User_L2TQS - Please provide the Group Name created in the IAM domain which has been created in order to manage the security of Fusion applications.

    <GroupName> is the name of the group you want to grant permissions to.

    Once the permissions are provided to the group, all the users within the group inherit the assigned permissions automatically.

  • User_L2TQS
    User_L2TQS Rank 4 - Community Specialist

    So ideally this group would contain all users logging into applications (Fusion and FAW) or only admin?

  • BalagurunathanBagavathy-Oracle
    BalagurunathanBagavathy-Oracle Rank 6 - Analytics Lead

    @User_L2TQS As per policies granted to the group, the members of this group will be FDI Admin Users. Please refer to https://docs.oracle.com/en/cloud/saas/analytics/24r2/fawag/add-users-administrator-permissions.html

    Regards,
    Bala.

  • User_L2TQS
    User_L2TQS Rank 4 - Community Specialist
    edited June 25

    @BalagurunathanBagavathy-Oracle If the group should only have Admin users, how do these policies help all FDI users to use SSO login?

    It is confusing to understand what this step actually does in the background to enable SSO access to FAW for users. @Sumanth V -Oracle please can you clarify further.

  • Sumanth V -Oracle
    Sumanth V -Oracle Rank 8 - Analytics Strategist

    @BalagurunathanBagavathy-Oracle - Thanks for the update, but the document states below:

    Add policies to grant the non-administrator user permission to create an autonomous data warehouse (ADW) and Oracle Analytics Cloud in the compartment that you created, for example, FAWServicesCompartment. Ensure that the compartment in which you grant the manage ADW and Oracle Analytics Cloud permissions is the same as the compartment in which the non-administrator user has a manage permission for Oracle Fusion Data Intelligence instances.

    As per design, one can use only one ADW, and the policies are at OCI level, and users will be able to manipulate if and only if they have access to OCI console.

  • BalagurunathanBagavathy-Oracle
    BalagurunathanBagavathy-Oracle Rank 6 - Analytics Lead

    @Sumanth V -Oracle These policies are only required for those users that need to administrate FDI and its associated OAC and ADW in the tenancy. As per scenario# 2, both Fusion Applications and FDI are associated with the same identity domain within the same cloud tenancy. So, the SSO is already taken care of. Does this clarify?

  • Sumanth V -Oracle
    Sumanth V -Oracle Rank 8 - Analytics Strategist

    @BalagurunathanBagavathy-Oracle - Yes. Thanks for the clarification.

    @User_L2TQS - Please change the accepted answer to the correct one so that it helps the other users referring to the thread. Thank you!

  • User_L2TQS
    User_L2TQS Rank 4 - Community Specialist

    @Sumanth V -Oracle Can you please summarize why this step is necessary for enabling SSO? In Scenario#2 -

    Allow group '<DomainName>'/'<GroupName>' to manage analytics-warehouses in tenancy
    Allow group '<DomainName>'/'<GroupName>' to manage analytics-instances in tenancy
    Allow group '<DomainName>'/'<GroupName>' to manage autonomous-database-family in tenancy
    Allow group '<DomainName>'/'<GroupName>' to manage all-resources in compartment <compartment name>