Default EPM System Single Sign-on

EPM System supports SSO across EPM System web applications by allowing users authenticated by one application to navigate seamlessly to other applications without reentering credentials. SSO is implemented by integrating a common security environment that handles user authentication and provisioning (role-based authorization) across EPM System products.

The default SSO process is depicted in the following illustration.

Direct single sign-on to EPM System products
  1. Through a browser, users access an EPM System product login screen and enter user names and passwords.

    The EPM System product queries the configured user directories (including Native Directory) to verify user credentials. When a matching user account is found in a user directory, the search is terminated, and the user's information is returned to the EPM System product.

    Access is denied if a user account is not found in any configured user directory.

  2. Using the retrieved user information, the EPM System product queries Native Directory to obtain provisioning details for the user.

  3. The EPM System product checks the Access Control List (ACL) in the product to determine the application artifacts that the user can access.

Upon receiving provisioning information from Native Directory, the EPM System product is made available to the user. At this point, SSO is enabled for all EPM System products for which the user is provisioned.
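
The three steps above can be modeled in a few lines of Python. This is an added illustration, not Oracle code: the directory contents, provisioning map, ACLs, and the names `UserDirectory`, `find_account` and `sign_on` are all constructed for the example. It assumes that an account is matched by user name, that the password is checked only against the first match, and that a user with no roles for a product is denied. Under those assumptions, an account in an earlier directory shadows a same-named account in a later one, which is worth checking when reviewing the directory search order.

```python
import hmac
from dataclasses import dataclass

@dataclass
class UserDirectory:
    name: str
    accounts: dict  # user name -> password; constructed sample data only

# Constructed sample data: directories listed in their configured search order.
DIRECTORIES = [
    UserDirectory("Native Directory", {"admin": "native-pw", "asmith": "native-pw2"}),
    UserDirectory("Corporate LDAP", {"jdoe": "ldap-pw", "asmith": "ldap-pw2"}),
]
# Provisioning held in Native Directory: user -> product -> roles (constructed).
PROVISIONING = {"jdoe": {"Planning": {"Planner"}, "Reporting": {"Viewer"}},
                "asmith": {"Planning": {"Planner"}}}
# Per-product ACL: product -> role -> artifacts (constructed).
ACLS = {"Planning": {"Planner": {"forms/budget"}},
        "Reporting": {"Viewer": {"reports/q1"}}}

def find_account(user, directories):
    """Step 1: search in order and stop at the first directory holding the account."""
    for directory in directories:
        if user in directory.accounts:
            return directory
    return None

def sign_on(user, password, product, directories=DIRECTORIES):
    """Return session details for a successful sign-on, or None if access is denied."""
    directory = find_account(user, directories)
    if directory is None:
        return None  # account not found in any configured user directory
    # Assumption: credentials are verified only against the first matching account.
    stored = directory.accounts[user].encode()
    if not hmac.compare_digest(stored, password.encode()):
        return None
    # Step 2: obtain provisioning details (roles per product) from Native Directory.
    roles_by_product = PROVISIONING.get(user, {})
    roles = roles_by_product.get(product, set())
    if not roles:
        return None  # assumption: authenticated but unprovisioned users are denied
    # Step 3: the product's ACL determines which artifacts those roles can access.
    artifacts = set()
    for role in roles:
        artifacts |= ACLS.get(product, {}).get(role, set())
    # SSO then applies to every product for which the user is provisioned.
    return {"directory": directory.name, "roles": roles, "artifacts": artifacts,
            "sso_products": sorted(roles_by_product)}
```

In this model, `asmith` exists in both directories, so only the Native Directory password is accepted; the Corporate LDAP account of the same name is never reached.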