3-2 Security Guide for Oracle Business Intelligence Enterprise Edition Roles for example, BIConsumer, BIAuthors, and BIAdministrator, and any additional Application Roles that you create. For more information about assigning users and groups to Application Roles, see Section 2.4, Creating and Managing Application Roles and Application Policies Using Fusion Middleware Control . You continue to use the other Oracle Business Intelligence tools i.e. the Oracle BI Administration Tool, Fusion Middleware Control, and the Administration Page in Analytics to manage the other areas of the security model. For a current list of supported authentication providers and directory servers to use with Oracle Business Intelligence, you select the authentication provider from the Type list in the Create a New Authentication Provider page. For more information, see System Requirements and Certification . You can configure more than one supported authentication provider for more information, see Section 3.2.3.3, Configuring Oracle Business Intelligence to use Multiple Authentication Providers . If a directory server other than the default WebLogic LDAP Server is being used, you can view the users and groups from that directory server in Oracle WebLogic Server Administration Console. However, you must continue to manage the users and groups in the interface for the directory server being used. For example, if you are using OID, you must use OID Console to create and edit users and groups. This topic contains the following sections: ■ Section 3.2.1, High Level Steps for Configuring Alternative Authentication Providers ■ Section 3.2.2, Prerequisites for Using Alternative Authentication Providers ■ Section 3.2.3, Configuring Oracle Business Intelligence To Use Alternative Authentication Providers ■ Section 3.2.4, Configuring User And Group Name Attributes In The Identity Store ■ Section 3.2.5, Configuring the GUID Attribute in the Identity Store ■ Section 3.2.6, Configuring a New Trusted User BISystemUser ■ Section 3.2.7, Regenerating User GUIDs

3.2.1 High Level Steps for Configuring Alternative Authentication Providers

To configure alternative authentication providers: Prerequisite: Ensure that only the Admin Server is running. 1. Setup and configure groups and users to enable Oracle Business Intelligence to use an alternative authentication provider as described in Section 3.2.2, Prerequisites for Using Alternative Authentication Providers . 2. Configure Oracle Business Intelligence to use alternative authentication providers as described in Section 3.2.3, Configuring Oracle Business Intelligence To Use Alternative Authentication Providers . 3. Configure the User Name Attribute in the Identity Store to match the User Name Attribute in the authentication provider as described in Section 3.2.4, Configuring User And Group Name Attributes In The Identity Store . 4. Go to the myrealm\Users and Groups tab to verify that the users and groups from the alternative authentication provider are displayed correctly. If the users and Using Alternative Authentication Providers 3-3 groups are displayed correctly, then proceed to Step 5. Otherwise, re-set your configuration settings and re-try. 5. Configure a new trusted user account for a user in the alternative authentication provider to match the account for DefaultAuthenticator as described in Section 3.2.6, Configuring a New Trusted User BISystemUser . 6. Update the user GUIDs to be the values in the alternative authentication provider as described in Section 3.2.7, Regenerating User GUIDs . 7. Assign Application Roles to the correct groups enterprise roles for the new identity store, using Fusion Middleware Control. For more information, see Section 2.4.4.2, Adding or Removing Members from an Application Role .

3.2.2 Prerequisites for Using Alternative Authentication Providers