Aliases, Maiden Names and Nicknames
You know, I've never really understood how nicknames are worked out. It makes sense that Jon can be short for Jonathon. But how do you get from John to Jack? And from William to Bill?Regardless of the mystifying linguistic antecedents, you can accomodate this state of affairs for user management with the combination of Oracle Internet Directory and the E-Business Suite.
Linking Apps Users with OID Users
From previous posts, you know that we link user accounts in Oracle Internet Directory with their corresponding user accounts in the E-Business Suite, like this:
Every user in Oracle Internet Directory has a Global Unique Identifier (GUID). The E-Business Suite stores this Global Unique Identifier in its own user directory (FND_USER), creating a unique link between the two accounts.
Using Different Names in Apps and OID
Since the users are linked by a numerical Global Unique Identifier, it doesn't matter if their actual userids in the two namespaces don't match exactly. In addition to accomodating those mystifying nicknames, aliases, and maiden names, this is useful for integrating the E-Business Suite with LDAP directories with different userid naming conventions.
In the example above, the user's ID in Oracle Internet Directory is "john.smith", whereas his userid in Apps is "jsmith". The user logs on to Single Sign-On using his "john.smith" userid and transparently passes through to Apps with responsibilities tied to his "jsmith" account.
Assuming Multiple Identities
Consider this scenario. In a shared services business model, a single purchasing agent acts as the purchaser for different geographic organizations.
Each of these different organizations may have their own business setups, so separate user accounts have been created for each organization. A given purchasing agent logs into the E-Business Suite using different accounts.
The brute-force approach to handling this is to require the purchasing agent to remember different passwords for each account. A more elegant solution is to link his Oracle Internet Directory userid to each of the different Apps accounts, like this:
Using this approach, the purchasing agent logs into Single Sign-On using his "john.smith" account. One of the linked accounts is flagged as the default account, and he can easily switch to the other accounts without having to log out and back in again with a different userid.
Not in the Other DirectionThis "one-to-many" link is fully supported with both Release 11i and 12. In other words, you can link a single Oracle Internet Directory account to multiple Apps accounts.
"Many-to-one" links are not supported, however. In other words, it's not possible to link multiple Oracle Internet Directory accounts with a single Apps account.
Integration with Third-Party LDAP Directories
You might have a third-party LDAP whose userid naming conventions differ from your E-Business Suite environment. If so, your best approach is to ensure that Oracle Internet Directory is populated with those third-party userids, like this:
Related
- Password Management with Oracle Internet Directory
- Password Management with Third-Party Solutions
- In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i
- Identity Management in Release 12
- In-Depth: Using OracleAS 10g with E-Business Suite Release 11
- In-Depth: Using Single Sign-On 10g with E-Business Suite Release 11i
- Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On (Metalink Note 261914.1)
No comments:
Post a Comment