1. Security Configuration Guide
  2. Enabling SSO with Security Agents
  3. Configuring EPM System for Header-based SSO with Oracle Identity Cloud Services
  4. Enabling Header-Based Authentication for EPM System
  5. Adding EPM System Application and Gateway to Oracle Identity Cloud Services

Adding EPM System Application and Gateway to Oracle Identity Cloud Services

To set up header-based authentication, you need to create Oracle Enterprise Performance Management System as an Enterprise Application.

Add EPM System as an Enterprise Application in Oracle Cloud Identity Console

To add EPM System as an enterprise application:

  1. Access Oracle Cloud Identity Console as a Domain Administrator.
    1. Using a browser, go to https://www.oracle.com/cloud/sign-in.html.
    2. Enter your Oracle Fusion Cloud EPM Account Name.
    3. In Oracle Fusion Cloud EPM Account Sign In page, enter your user name and password, and then click Sign In.
    4. In the Navigation Drawer, click Users, and then Identity (Primary).
    5. Click Identity Console.
  2. Add EPM System as an Enterprise Application.
    1. In the Navigation drawer, click Applications.
    2. Click Add, and then Enterprise Application.

    Enterprise application settings for EPM System

  3. Add application details:
    1. In Name, enter a unique name to identify EPM System enterprise application.
    2. Enter an optional description.
    3. Optionally, upload an application icon for EPM System. Click Upload to select and upload the icon.
    4. In Application URL, enter the launch URL to which the gateway should redirect users. This URL is the FQDN of the Oracle App Gateway appended with workspace/index.jsp, which is the EPM System application context.
    5. Under Settings, select Display in My Apps to display the EPM System enterprise application on the SSO Configuration tab of the My Apps page in Oracle Cloud Identity Console.
    6. Click Next.
  4. Specify SSO Configuration details.
    1. Click SSO Configuration.
    2. Add a resource for the enterprise application.

      In SSO Configuration, expand Resources.

      1. Click Add.
        Sample Resource definition for EPM System

      2. Specify a unique resource name.
      3. In Resource URL, enter /.*.
      4. Select the Regex check box.
      5. Click OK.
      6. In SSO Configuration, expand Resources.
    3. Add authentication policy.

      In SSO Configuration, expand Authentication Policy.

      1. Select Allow CORS and Require Secure Cookies check boxes.
      2. Click Add under Managed Resources and define Form or Access Token as the authentication method for the SSO resource.
        Sample Authentication Policy Resource for EPM System

      3. In Resource, select the SSO resource that you added in the preceding step.
      4. Expand Headers.
      5. Enter the name of the HTTP header that will be propagated to EPM System.

        Default authentication header name is HYPLOGIN. You can use any name of your choice.

      6. In Value, select the property that uniquely identifies EPM System users.

        The value of this field should match the user's identity in EPM System. For example, if the user identity in EPM System is the email id, then select Work Email as the value.

      7. Click Save.
  5. Click Finish to create the enterprise application.
  6. Click Activate to enable the application.
  7. Register an App Gateway and set up the host and app for EPM System.
    1. In the Navigation Drawer, click Security and then App Gateways.
    2. Click Add.
    3. In Details, enter a unique name for the gateway and an optional description.
    4. Click Next to open the Hosts screen.
    5. Add an App Gateway host for EPM System.
      1. In the Hosts screen, click Add.
        Host settings for App Gateway

      2. In Host Identifier, enter EPMAppGateway.
      3. In Host, enter the fully-qualified domain name of the computer that hosts the App Gateway server, for example, gateway.server.example.com.
      4. In Port, enter the port at which the App Gateway server responds to HTTPS requests.
      5. Select the SSL Enabled check box.
      6. In Additional Properties, enter the following:
        • SSL certificate location
        • SSL certificate key
        • SSL password file (if needed)
        For detailed information, see "Register an App Gateway" within "Setup an App Gateway" in Administering Oracle Identity Cloud Service.
      7. Click Save.
      8. Click Next to open the Apps screen.
    6. Add the EPM System enterprise application to the App Gateway.
      1. On Apps, click Add.
      2. In Application, select the EPM System enterprise application that you previously added to Oracle Cloud Identity Console.
        EPM System enterprise application settings in the App Gateway

      3. In Select a Host, select EPMAppGateway (the EPM System host that you added to the App Gateway).
      4. In Resource Prefix, enter / to forward all requests to the EPM System host.
      5. In Origin Server, enter the fully-qualified domain name of the computer that hosts Oracle Hyperion Enterprise Performance Management Workspace and the port number that EPM Workspace uses.
      6. Click Save.
  8. Record the Client ID and Client Secret of the App Gateway. These values are required to set up the App Gateway.
    1. In the Navigation Drawer, click Security and then App Gateways.
    2. Click the name of the Gateway that you added for EPM System enterprise application.
    3. Copy the Client ID (an alpha-numeric string) to a text editor.
    4. Click Show Secret to display the client secret code.
    5. Copy the Client Secret (an alpha-numeric string) to the text editor.
    6. Save the text file.

    Note:

    The App Gateway server must be restarted each time a configuration update is made to the Oracle Identity Cloud Services. To start and stop the App Gateway server, see Start and Stop App Gateway.