Dylan's BI Study Notes

My notes about Business Intelligence, Data Warehousing, OLAP, and Master Data Management

BI Applications and Embedded BI, Part 4

Posted by Dylan Wan on January 29, 2008

This is my 4th post about the embedded BI. The key is that a OBIEE and OBIA warehouse based solution is embeddable to the OLTP system as long as the OLTP system can provide the basic support.

In this article, I will discuss one of the key enabling technology – integrated authentication.

Business Requirements

The data provided by the OLTP and BI Apps should be secured. Only qualified person is allowed to view the data. Authentication is referring to verifying the user that have the access to the system. What data a person can see will be a separate topic in a separate post Integrated security in the future.

Ideally, the integrated authentication should allow the user login once and navigate to the BI Apps and OLTP back and forth. The integrated authentication should ease the adminstrator’s jobs to centralized the user administration. At least, the user should not need to remember multiple user names and can user the same user and password for accessing multiple apps.

Authentication in BI Server

OBIEE provides multiple ways to authenticating users.

  1. Users are defined in the BI server repository
  2. Users are define in LDAP server
  3. User are database users
  4. Users are defined in an external database

These methods can be used in the integrated authentication:

If the users are stored in your LDAP server, you can import the users into BI repository and use the method 1 for the integrated authentication. The user can use the same user name to login both OLTP and BI Apps, but they are authenticated separately.

Althernatively, if your transactional apps use LDAP based authentication, you can configure the BI server to authenticate the users using the same LDAP server. The same user and password will be used. Many modem web apps uses LDAP based authentication so this option could be very useful.

The 3rd option is used when you use database login user to authenticate the apps users. In real life, I have not seen much apps to use database based authentication, except the Database Admin tools.

The 4th option could be used in accessing the OLTP apps when they maintain the user information in a database table. This can be applied to Siebel apps and Oracle E-Business Suite.

Oracle SSO

In additional to above options, OBIEE can also support Oracle Single-Sign On. You can register Oracle BI apps as a partner apps to the Oracle SSO server. When a user tried to access the BI apps, the user is redirected to the Single Sign-On server page. After the user enters th eSSO user and password, the SSO server will set the SSo cookies and pass the users back to BI Apps. This can be used as the integrating authentication model for access Oracle E-Business Suite. if you configure your EBS using Oracle SSO.


2 Responses to “BI Applications and Embedded BI, Part 4”

  1. njethwa said

    Hi Dylan,
    Thanks for your great tips on OBIEE. I am getting my hands dirty on OBIEE so soon will increase the visits to your blog. Have you worked with Discoverer Hierarchies? I need to implement similar effect with OBIEE. I still haven’t explored OBIEE much but would like to know some shortcuts as I need quickly come with the solution.

    Thanks and regards

  2. dslittle said


    I have installed and am using BI Apps and all is well. I am now trying to setup authentication through AD and I am not having much luck. Also, now that I have changed the USER variable to be associated with the LDAP init block I created I am seeing the other init blocks were created by the bi apps implementation failing.

    Any help would be greatly appreciated.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s