User Guide

Creating Groups

User accounts on user directories can be granted membership to groups based on common

characteristics such as the user function and geographical location. For example, users can be

categorized into groups such as Staff, Managers, Sales, and Western_Sales based on their function

within the organization. A user can belong to one or more groups on the user directory, which

is an important consideration in facilitating the provisioning process.

The procedures to create groups and assign group membership vary depending on the user

directory being used. For information on creating groups and assigning group membership, see

vendor documentation. See “Managing Native Directory Groups” on page 84 for information

on creating Native Directory groups.

Migrating Users and Groups to Shared Services Security

If you are upgrading Hyperion products from a release that did not support provisioning, you

must migrate users and groups from the products to Shared Services. You can migrate users who

were authenticated through native product security or through an external directory in that

release. Each product has a migration tool that enables you to migrate user, group, and role

information from Hyperion products to Shared Services. For migration information, see the

appropriate product appendix at the end of this guide.

After migrating users, you can provision users or groups as needed. See Chapter 8, “Managing

Provisioning” for details.

Installing and Deploying Shared Services

See Hyperion Shared Services Installation Guide for information about installing Shared Services

and deploying it to an appropriate application server.

Identifying User Directories to Shared Services

The Shared Services installation and deployment process sets up and configures Native Directory

as the default user directory for Hyperion products. Each additional user directory that you use

to support user authentication and SSO must be configured separately using User Management

Console.

During the user directory configuration process, you assign the search order for each user

directory. This order determines the sequence in which the authentication process searches

within configured user directories to locate the user account that matches the user login

credentials. By default, Hyperion application security is configured to terminate the search

process when a matching user account is found. If you are using multiple user directories,

Hyperion recommends that user accounts be normalized across user directories.

Information on configuring user directories:

● “Configuring Oracle Internet Directory, MSAD, and Other LDAP-Enabled User

Directories” on page 40

Setting Up Authentication