About Identity Providers

You have a choice of the following options for your Essbase user management and authentication identity provider.

If you're currently an EPM customer and use Shared Services to manage your Essbase users, you can continue to do so. You cannot, however, integrate Essbase 21c directly into your existing EPM Foundation Services software. You must install a separate EPM Foundation Services [see the Compatibility Matrix for supported versions] and federate this new Shared Services instance with your LDAP provider. Application roles and any users/groups stored directly in Shared Services must be migrated to, and maintained in, the new Foundation Services. See EPM Shared Services Authentication.

If you don’t currently use Shared Services, or if you currently have only Essbase use cases, use the default WebLogic service provider. WebLogic can be federated with many external authentication identity providers. See WebLogic Authentication.

Table 5-1 Provider Comparison

Identity Provider	Users and Groups	Assign User Role	Single Sign-On Support
WebLogic Embedded LDAP (default). External LDAP or security provider.	Users and groups are managed by WebLogic or external security provider. WebLogic Embedded LDAP - users and groups are created and managed using Essbase web interface or REST API. External LDAP/identity providers - Users and groups are created and managed directly within the external provider.	Essbase web interface or Essbase REST API	Yes. It can be configured using WebLogic Administration Console. If you use Oracle HTTP Server, you can configure SSO using Oracle HTTP Server (OHS).
EPM Shared Services Built-in (native) LDAP (default) External LDAP/identity provider	Users and groups are managed using Shared Services Console in the EPM installation.	Shared Services Console	No

Provider Options Diagram