RSS

Tag Archives: BICS Architecture

Oracle BICS and Identity Management – A New Security Architecture

Oracle BI Cloud Service, a part of PaaS, offers a highly scalable, multi-tenant Oracle BI environment that is integrated with Oracle Cloud store. Oracle BI Cloud Service features Presentation Services to create analyses and dashboards, Oracle Database Cloud Service integration, self-service web-client Data Loader and Data Modeler, simple administration, and integrated Identity Management for Security (Authentication & Authorization) Services.

When you subscribe BICS service, you will be to register for access to the Oracle Public Cloud at cloud.oracle.com. The Oracle Public Cloud is that it is built on Oracle’s Identity Management platform. Here, the Identity Managementis part of the Common Services layer and secures Oracle Public Cloud.

Out of the gate, the identity management services of the Oracle Public Cloud consist of an LDAP based identity store and a Single Sign-On (SSO) access management service. When you subscribe any oracle Public Cloud service of any type, i.e. whether it is a BI Cloud Service or a DB service, it is automatically added to your Tenant Services Group. All applications in your services group are integrated and SSO with IDM automatically and you will be login to all your Service Group apps seamlessly, without typing the login credentials for each one.

Oracle BICS Architecture:

In oracle Public cloud, when a user registers, their account and credential information is stored in Oracle Internet Directory. When a user has access to several services across Oracle Public, the single sign-on is handled by Oracle Access Manager. When a user account is disabled, it can be disabled across all services.

Oracle Identity Management Platform consists of three functional pillars and underlying platform services, as shown in the following figure:

BICS and IDM:

In Oracle BI Cloud Services, the Authentication and Authorization have been configured and maintained in Oracle IDM. That means, you have to maintain all your Oracle BI Cloud Service User accounts and Roles in integrated IDM.

Oracle BI Cloud Service – Security: simpler View:

Only the Identity Management administrators perform user management for Oracle BI Cloud Service in the Oracle Cloud Portal by managing identity domains. The identity domain contains users and roles that provide authentication to multiple Oracle Cloud services.

To secure your Oracle BI Cloud Service, apart from Authentication integration, everything is same as in OBIEE 11g. Oracle BI CS enables service administrators to provision identity domain users to use specific functionality in their Oracle BI Cloud Service instance by assigning application roles. An application role controls access to functionality available in Oracle BI Cloud Service.

Quick look at the hierarchy of predefined application Roles in BICS:



Highlights:

The Oracle IDM has been Optimized Directory as a user store and policy store, Single Sign-On via Oracle Access Manager for web access control, perimeter protection for all pages and a single point to manage user access and password management for all Oracle Public Cloud applications including Oracle BI Cloud Services.

In Simple terms, Oracle IDM is Authentication and Authoriztaion Source for Oracle BICS. The IDM platform approach is industry standard integration and pays huge dividends in the Oracle Cloud.

Thanks,
Shiva Molabanti

Advertisements
 
 

Tags: , , , , , , , , , , , , , , , ,