[/map {"- map/map "}) [/map/title {"- topic/title "}) Controlling access to Studio (title] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) About Managing Users in Studio (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) About Managing Users in Studio (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You can create users directly in Studio, or connect to an LDAP system. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) About user roles (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) About user roles (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) In Studio, each user is assigned a user role.The user role controls the functions that the user has access to. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) About the default user (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) About the default user (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) When you first install Studio, a default user is created. (shortdesc] (topicmeta] (topicref] (topicref] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Creating and Editing Users in Studio (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Creating and Editing Users in Studio (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Users page on the Studio Control Panel provides options for creating and editing Studio users. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the type of user name for Studio (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the type of user name for Studio (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Each Studio user has both an email address and a screen name.By default, users log in to Studio using their email address. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Creating a new user (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Creating a new user (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Even if you are importing users from LDAP, you may still want to create a few users directly in Studio. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Editing a Studio user (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Editing a Studio user (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The Users page also allows you to edit a user's account. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Preventing a user from creating applications (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Preventing a user from creating applications (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) When you first create a new user, they are by default assigned the Power User role.This role allows the user to create Studio applications. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Deactivating, reactivating, and deleting Studio users (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Deactivating, reactivating, and deleting Studio users (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) From the Users page of the Control Panel, you can make an active user inactive.You can also reactivate or delete inactive users. (shortdesc] (topicmeta] (topicref] (topicref] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Integrating with an LDAP System to Manage Users (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Integrating with an LDAP System to Manage Users (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) If you have an LDAP system, you can allow users to use those credentials to log in to Studio. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) About using LDAP (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) About using LDAP (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) LDAP (Lightweight Directory Access Protocol) allows you to have users connect to your Studio application using their existing LDAP user accounts, rather than creating separate user accounts from within Studio.LDAP is also used when integrating with a single sign-on (SSO) system. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the LDAP settings and server (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the LDAP settings and server (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You configure the LDAP connection from the Control Panel.The settings include whether LDAP is enabled and required for authentication, the connection to the LDAP server, and whether to import or export users to or from the LDAP directory. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the Studio password policy when using LDAP (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the Studio password policy when using LDAP (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) When you are using LDAP, it is likely that you want user passwords to be managed outside of Studio.So if you are not using the LDAP password policy, then you may want to update the Studio password policy to prevent users from changing their password in Studio. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Preventing encrypted LDAP passwords from being stored in Studio (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Preventing encrypted LDAP passwords from being stored in Studio (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) By default, when you use LDAP for user authentication, each time a user logs in, Studio stores a securely encrypted version of their LDAP password.For subsequent logins, Studio can then authenticate the user even when it cannot connect to the LDAP system.For even stricter security, you can configure Studio to prevent the passwords from being stored. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Assigning roles based on LDAP user groups (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Assigning roles based on LDAP user groups (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) For LDAP integration, it is recommended that you assign roles based on your LDAP groups. (shortdesc] (topicmeta] (topicref] (topicref] [/map/topicref {"- map/topicref "}) [/map/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicmeta/navtitle {"- topic/navtitle "}) Setting up Single Sign-On (SSO) for Studio (navtitle][/map/topicref/topicmeta/linktext {"- map/linktext "}) Setting up Single Sign-On (SSO) for Studio (linktext][/map/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Studio supports integrating with an SSO system. (shortdesc] (topicmeta][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) About single sign-on and Studio (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) About single sign-on and Studio (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Integrating Studio with single sign-on (SSO) allows your users to be logged in to Studio automatically once they are logged in to your system. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Overview of the process for configuring SSO with Oracle Access Manager (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Overview of the process for configuring SSO with Oracle Access Manager (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Here is an overview of the steps for using Oracle Access Manager to implement SSO in Studio. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the reverse proxy module in OHS (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the reverse proxy module in OHS (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) You must configure your OHS instance to pass traffic back to Studio as a reverse proxy.Use the appropriate instructions for your Studio application server (Tomcat or WebLogic Server). (shortdesc] (topicmeta][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Reverse proxy configuration for Tomcat (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Reverse proxy configuration for Tomcat (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) For Tomcat, the reverse proxy configuration consists of a tomcat-proxy.conf file that contains the reverse proxy settings. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Reverse proxy configuration for WebLogic Server (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Reverse proxy configuration for WebLogic Server (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) For WebLogic Server, you need to update the file mod_wls_ohs.conf to add the logout configuration for SSO. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Registering the Webgate with the Oracle Access Manager server (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Registering the Webgate with the Oracle Access Manager server (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) After you have installed the OHS Webgate, you use the remote registration (RREG) tool to register the OHS Webgate with the OAM server. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Testing the OHS URL (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Testing the OHS URL (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) Before continuing to the Studio configuration, you need to test that the OHS URL redirects correctly to Studio. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring Studio to integrate with SSO via Oracle Access Manager (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring Studio to integrate with SSO via Oracle Access Manager (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) In Studio, you configure the LDAP connection and Oracle Access Manager connection settings. (shortdesc] (topicmeta][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the LDAP connection for SSO (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the LDAP connection for SSO (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The SSO implementation uses LDAP to retrieve and maintain the user information.For the Oracle Access Manager SSO, you configure Studio to use Oracle Internet Directory for LDAP. (shortdesc] (topicmeta] (topicref][/map/topicref/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Configuring the Oracle Access Manager SSO settings (navtitle][/map/topicref/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Configuring the Oracle Access Manager SSO settings (linktext][/map/topicref/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) After you configure the LDAP connection for your SSO integration, you configure the Oracle Access Manager SSO settings. (shortdesc] (topicmeta] (topicref] (topicref][/map/topicref/topicref {"- map/topicref "}) [/map/topicref/topicref/topicmeta {"- map/topicmeta "}) [/map/topicref/topicref/topicmeta/navtitle {"- topic/navtitle "}) Completing and testing the SSO integration (navtitle][/map/topicref/topicref/topicmeta/linktext {"- map/linktext "}) Completing and testing the SSO integration (linktext][/map/topicref/topicref/topicmeta/shortdesc {"- map/shortdesc "}) The final step in setting up the SSO integration is to add the OHS server host name and port to portal-ext.properties. (shortdesc] (topicmeta] (topicref] (topicref] (map]