1. Essbase Stack Deployment on Oracle Cloud Infrastructure
  2. Set Up Oracle Essbase
  3. Before You Begin with Oracle Essbase
  4. Set Up Cloud Identity Access for Essbase

Set Up Cloud Identity Access for Essbase

To set up cloud identity access, you integrate Essbase with OCI Identity and Access Management (IAM) or Oracle Identity Cloud Service (IDCS). You provision Essbase users using Essbase roles, rather than IAM or IDCS roles.

To prepare security access for Essbase, you must log in to IAM or IDCS as the identity domain administrator and complete a few tasks.

Before you can provision users and groups in Essbase, you need, during creation of the Essbase stack, to provide the name of a user in IAM or IDCS who will be the initial Service Administrator for Essbase.

This Service Administrator can then log in to the Essbase web interface to provision other users.

You also need to provide access to the signing certificate.

Complete the following tasks in IAM or IDCS before deploying the Essbase stack.

  1. Log in to the Oracle Cloud Infrastructure Console. Select Identity & Security.

  2. Click Domains.

    Ensure that an identity domain exists for the Essbase stack to use.

  3. Within the identity domain, click Users, and if not already created, add a user who will be the initial Essbase Service Administrator.

  4. To configure clients to be able to access the signing certificate for the identity domain, go to the Settings for the identity domain. Under Access signing certificate, select Configure client access.

  5. Create a confidential identity application, as described in Create a Confidential Identity Application.

  1. Log in to Identity Cloud Service as the identity domain administrator. To get to the Identity Cloud Service console from Oracle Cloud Infrastructure, click Identity, then Federation, and click on the URL link next to Oracle Identity Cloud Service Console.

  2. In the Identity Cloud Service console, expand the navigation drawer icon, click Settings, and then click Default Settings.

  3. Turn on the switch under Access Signing Certificate to enable clients to access the tenant signing certificate without logging in to Identity Cloud Service.

  4. Scroll up and click Save to store your changes.

  5. If not already created, create a user in Identity Cloud Service who will be the initial Essbase Service Administrator.

  6. Create a confidential identity application, as described in Create a Confidential Identity Application.

About Single Sign-On (SSO)

If you use single sign-on (SSO) with IAM or IDCS, your Essbase login screen routes to IAM or IDCS.

If you use SSO that is external to IAM or IDCS, you configure IAM or IDCS to point to the external security provider. The Essbase login screen routes to IAM or IDCS, which routes to the external login screen. After logging in, you're directed back to the Essbase web interface.