To set up security and access, you integrate Essbase with Oracle Identity Cloud Service. You provision Essbase users using Essbase roles, rather than Oracle Identity Cloud Service roles.
To prepare security access for Essbase, you must log in to Oracle Identity Cloud Service as the identity domain administrator and complete a few tasks.
Before you can provision users and groups in Essbase, you need, during creation of the Essbase stack, to provide the name of a user in Oracle Identity Cloud Service who will be the initial Service Administrator for Essbase.
This Service Administrator can then log in to the Essbase web interface to provision other users.
You also need to provide access to the signing certificate.
Complete the following tasks in Identity Cloud Service before deploying the Essbase stack.
Log in to Identity Cloud Service as the identity domain administrator. To get to the Identity Cloud Service console from Oracle Cloud Infrastructure, click Identity, then Federation, and click on the URL link next to Oracle Identity Cloud Service Console.
In the Identity Cloud Service console, expand the navigation drawer icon, click Settings, and then click Default Settings.
Turn on the switch under Access Signing Certificate to enable clients to access the tenant signing certificate without logging in to Identity Cloud Service.
- Scroll up and click Save to store your changes.
If not already created, create a user in Identity Cloud Service who will be the initial Essbase Service Administrator.
About Single Sign-On (SSO)
If you use single sign-on (SSO) with Identity Cloud Service, your Essbase login screen routes to Identity Cloud Service.
If you use SSO that is external to Identity Cloud Service, you configure Identity Cloud Service to point to the external security provider. The Essbase login screen routes to Identity Cloud Service, which routes to the external login screen. After logging in, you're directed back to the Essbase web interface.