Manualshelf

User Guide

ManualsBrandsOracle ManualsOtherH09993100
11121314151617181920
Security API
The Security Application Programming Interface (Security API) is the main interface to validate
users and interpret user access to Hyperion products. It is a Java API that enables Hyperion
products to authenticate users against user directories configured in Oracle's Hyperion® Shared
Services. It also allows integration with a security agents such as Netegrity SiteMinder, and
retrieval of users and groups based on names and identities. Each Hyperion application
implements the Security API to support user authentication.
Native Directory
Native Directory (OpenLDAP), an open source Lightweight Directory Access Protocol (LDAP)-
enabled user directory, is bundled and configured with Shared Services.
Native Directory functions:
Used to maintain and manage the default Shared Services user accounts required by
Hyperion products
Is the central storage for all Hyperion provisioning information because it stores the
relationships between users, groups, and roles.
Native Directory is accessed and managed using the User Management Console. Refer
toChapter 7, “Managing Native Directory” for more information on provisioning users.
User Directories
User directories refer to any corporate user and identity management system compatible with
Shared Services. Hyperion products are supported on a large number of user directories. These
include LDAP-enabled user directories, such as Sun Java System Directory Server (formerly
SunONE Directory Server) and Microsoft Active Directory, Windows NT LAN Manager
(NTLM); SAP Provider; and custom-built user directories that support LDAP version 3.
In addition to Native Directory, which is automatically configured for your environment, one
or more user directories can be configured as the user information provider for Hyperion
products.
User directories used with Hyperion products must contain an account for each user who
accesses Hyperion products. These users may be assigned to groups to facilitate provisioning.
User Authentication Scenarios
“Single Sign-on Directly to Hyperion Products” on page 12
“Single Sign-on from External Systems” on page 13
Single Sign-on Directly to Hyperion Products
Direct authentication connects Hyperion products to available user directories to verify the user
name and password (credentials) entered on the Login screen.
12
About Hyperion Security