EPM System users must be authenticated before their provisioning data is checked to determine the EPM System applications that they can access. By default, users enter a user name and password into a product login screen to gain Single Sign-On (SSO) access to all EPM System products.
You can also configure EPM System products to work with a security agent, which can pass pre-authenticated users to EPM System products. Use of other authentication mechanisms; for example, client certificate authentication, custom Java authentication, and Kerberos are also possible. For detailed information on configuring security agents for EPM System, see the Oracle Hyperion Enterprise Performance Management System Security Administration Guide.
User authentication mechanisms, shared across EPM System products, are used to validate the user credentials against configured user directories. User authentication, along with product-specific authorization, grants the user access to EPM System products. Authorization is granted through provisioning.
SSO is a session and user-authentication process that enables EPM System product users to enter credentials only once, at the beginning of a session, to access multiple products. SSO eliminates the need to log in separately to each product to which the user has access.
The following sections describe the components that support SSO: