User Guide

Setting Up Authentication

In This Chapter

Setting Up Direct Authentication to Hyperion Products ........................................................................19

Setting Up SSO with SAP Enterprise Portal......................................................................................21

Setting Up SSO from SiteMinder .................................................................................................25

Using NTLM to Support SSO......................................................................................................28

Setting Up Direct Authentication to Hyperion Products

The security environment of Hyperion products comprises two complementary layers:

authentication and authorization.

Setting up Hyperion security to authenticate users directly involves several broad procedures.

See details in later sections.

● “Creating Users on the User Directory” on page 19

● “Creating Groups” on page 20

● “Migrating Users and Groups to Shared Services Security” on page 20

● “Installing and Deploying Shared Services” on page 20

● “Identifying User Directories to Shared Services” on page 20

Creating Users on the User Directory

The security environment of Hyperion products requires that user credentials be checked against

a user directory as a part of the authentication process. This requirement mandates that each

Hyperion application user have an account on the user directory. A unique user identifier

(typically the user name) defined on the user directory is the foundation on which Hyperion

application security is built.

In most deployment scenarios, existing user directories (with user accounts) are used to support

user authentication. For information on creating user accounts, see vendor documentation. See

“Creating Users” on page 81 for information on creating Native Directory users.

Setting Up Direct Authentication to Hyperion Products