User Authentication Components

Oracle Enterprise Performance Management System users must be authenticated before their provisioning data is checked to determine the EPM System components that they can access. By default, users enter a user name and password into a login screen to gain single sign-on (SSO) access to all EPM System components for which they are provisioned.

SSO is a session and user-authentication process that enables EPM System product users to enter credentials only once, at the beginning of a session, to access multiple products. SSO eliminates the need to log in separately to each product to which the user has access.

To enhance security, EPM System components may be protected using security agents that can pass preauthenticated users to EPM System. Additionally, EPM System security can be enhanced by using other mechanisms such as client certificate authentication, custom Java authentication, and Kerberos. For detailed information on establishing a securing infrastructure for EPM System, see the Oracle Enterprise Performance Management System Security Configuration Guide.

EPM System components check authenticated user credentials against configured user directories. User authentication, along with component-specific provisioning, grants the user access to EPM System components. Provisioning Managers grant users access to artifacts belonging to EPM System components.

The following sections describe the components that support SSO:

• Native Directory

• User Directories