BI Applications and Embedded BI, Part 4
Posted by Dylan Wan on January 29, 2008
This is my 4th post about the embedded BI. The key is that a OBIEE and OBIA warehouse based solution is embeddable to the OLTP system as long as the OLTP system can provide the basic support.
In this article, I will discuss one of the key enabling technology – integrated authentication.
The data provided by the OLTP and BI Apps should be secured. Only qualified person is allowed to view the data. Authentication is referring to verifying the user that have the access to the system. What data a person can see will be a separate topic in a separate post Integrated security in the future.
Ideally, the integrated authentication should allow the user login once and navigate to the BI Apps and OLTP back and forth. The integrated authentication should ease the adminstrator’s jobs to centralized the user administration. At least, the user should not need to remember multiple user names and can user the same user and password for accessing multiple apps.
Authentication in BI Server
OBIEE provides multiple ways to authenticating users.
- Users are defined in the BI server repository
- Users are define in LDAP server
- User are database users
- Users are defined in an external database
These methods can be used in the integrated authentication:
If the users are stored in your LDAP server, you can import the users into BI repository and use the method 1 for the integrated authentication. The user can use the same user name to login both OLTP and BI Apps, but they are authenticated separately.
Althernatively, if your transactional apps use LDAP based authentication, you can configure the BI server to authenticate the users using the same LDAP server. The same user and password will be used. Many modem web apps uses LDAP based authentication so this option could be very useful.
The 3rd option is used when you use database login user to authenticate the apps users. In real life, I have not seen much apps to use database based authentication, except the Database Admin tools.
The 4th option could be used in accessing the OLTP apps when they maintain the user information in a database table. This can be applied to Siebel apps and Oracle E-Business Suite.
In additional to above options, OBIEE can also support Oracle Single-Sign On. You can register Oracle BI apps as a partner apps to the Oracle SSO server. When a user tried to access the BI apps, the user is redirected to the Single Sign-On server page. After the user enters th eSSO user and password, the SSO server will set the SSo cookies and pass the users back to BI Apps. This can be used as the integrating authentication model for access Oracle E-Business Suite. if you configure your EBS using Oracle SSO.