Using Alternative Authentication Providers 3-19

5. Click OK to save the changes.

6. Restart the Admin Server, Managed Servers, and BI components.

3.2.6 Configuring a New Trusted User BISystemUser

Oracle Business Intelligence uses a specific user for the configured authenticator for internal communication. If for example, you configure Oracle BI to use an alternative authentication provider for example, OID, Active Directory, then you must create a new user or select an existing user, in the alternative authentication provider to use for this purpose and grant that user the required permissions. You grant the chosen user the permission they need by making them a member of the pre-existing BISystem Application Role. When configuring multiple authenticators for more information, see Section 3.2.3.3 , this user only needs to exist in one of the Identity Stores. To create a new trusted user account with a user from the alternative authentication provider: The credentials of the trusted user account are stored in the Credential Store under the system.user key. You must point the system.user key to a set of credentials available in your authentication provider for example, OID, Active Directory. Whether you decide to use an existing user or create a new one, the process for changing the system.user is the same.

1. In the alternative authentication provider create, or identify a user for the trusted

user. Best practice is to name this trusted user BISystemUser to clarify its purpose, but you might choose any name you want. When you are finished, the Users table in Oracle WebLogic Server Administration Console should resemble the screenshot below example is for OID. 3-20 Security Guide for Oracle Business Intelligence Enterprise Edition Next add the trusted user’s credentials to the oracle.bi.system credential map. 2. From Fusion Middleware Control target navigation pane, expand the farm, then expand WebLogic Domain, and select bifoundation_domain. ■ From the WebLogic Domain menu, select Security, then Credentials. ■ Open the oracle.bi.system credential map, select system.user and click Edit. ■ In the Edit Key dialog, enter BISystemUser or name you selected in the User Name field. In the Password field, enter the trusted user’s password that is contained in the authentication provider for example, Oracle Internet Directory, Active Directory. Using Alternative Authentication Providers 3-21 ■ Click OK. Next you must make the new trusted user a member of the BISystem Application Role.

3. In Fusion Middleware Control target navigation pane, go to the Oracle WebLogic

Server domain in which Oracle Business Intelligence is installed. For example, bifoundation_domain.

4. Select Security and Application Roles from the WebLogic Domain menu, to

display the Application Roles page. 5. Click the Select Application Stripe to Search radio button, and select obi from the list. Click the search arrow to the right of the Role Name field. The Oracle Business Intelligence Application Roles are displayed and should resemble the screenshot below.

6. Select the BISystem Application Role and click Edit.

7. In the Edit Application Role page, scroll down to the Users section and click Add