Introduction

Starting with Empirica Signal version 8.x, the Empirica Signal and Topics Cloud Service is integrated with the Oracle Health Sciences (OHS) centralized Identity Management and Single Sign-on System (OHSIAMS).

OHSIAMS manages user credentials and controls if a user can login to a particular Cloud application or environment. In OHSIAMS, each user has a single username and password. These are valid across all enabled OHS Cloud Services, regardless of the number of different applications or environments the user has access to.

Each company that uses OHS Cloud Services nominates at least one Customer Delegated Administrator (CDA). This individual can create, enable, disable, or delete user accounts in OHSIAMS on behalf of the company, and define which applications and Cloud environments a user can access.

Even though OHSIAMS manages the user accounts, application-specific user roles and privileges are still defined in an application's administrative user interface (UI). For Empirica Signal, the person who assigns roles and privileges to users is typically the Empirica Signal Customer Administrator.

The Empirica Signal Customer Administrator can be the same person as the OHSIAMS CDA or a different individual. This guide describes both tasks that require the OHSIAMS CDA role, and tasks that require the Customer Administrator or super-user Empirica Signal application role.

The process to create accounts is different for new and upgraded users. As a result, before the CDA creates a new OHSIAMS account, the CDA must determine if that user has used the Empirica Signal Cloud environment previously.

Upgraded users have existing application accounts in Empirica Signal. The CDA must review or update the details of the Empirica Signal accounts to match OHSIAMS naming conventions. For details on how to update existing application accounts, please see Adjust the user's Empirica Signal account details.

There are two workflows for notifying a user that the OHSIAMS account has been created:

The user receives two emails: one says that the user has an account, and the other provides a temporary password. The user is expected to login, set answers to security questions, and change the password.
The user receives one email that contains both the information that the account has been created and a link to set the initial password.

Which workflow is followed depends on how the OHSIAMS tenant has been configured. For example, a newly set-up tenant follows the second workflow. If you are adding a user to an old tenant, you will likely follow the first workflow, unless the CDA has opted in to using the second workflow.