Active Directory (unified logon)

  • Thread starter Adrian_Chimirel
My company wants to implement Active Directory and I was asked if EOne can be integrated with AD.
Basically user login (ID & Password) information should be retrieved from Active Directory, when user logs into EnterpriseOne (either Fat or Web Client).
Is this possible? If yes, how, if no, where do you think I could find that information?
Thank you.
PS I already tried searching the archives, hummmm unsuccessfully ....
 
Yes, absolutely. I've set it up. Which EnterpriseOne release? Wait - I see you're on 8.10. You can integrate the Web client with AD on 8.9 and above, using OAS. As of 8.11 you can integrate JDE user accounts with AD, and that is independent from the web client, it works with both.

I believe WebSphere can be integrated with any release, but I've no personal experience there.

I've done the Oracle App Server Infrastructure dance between Oracle Internet Directory (OID) and Active Directory (AD). External authentication to AD works like a champ.

UnifiedLogon with the fat client (and of course Citrix) is not really single sign-on, but it works and we have been using it since OneWorld Xe.
 
Yes, it can be done. In fact, we are in the process of rolling out employee self service using this linkage. Our implementation also uses the IBM WebSphere portal as the entry point for self service. Our back-end E1 users also access the system through Active Directory. There is unified logon between AD and the portal. There is unified and single sign-on between the WebSphere portal and the back-end E1 users who might want to access E1 through the portal. How it is implemented is just a matter of configuration. There might be some issues with the length of user IDs, but there are also solutions.
 
Adrian,

For your release and situation LDAP authentication is the way to go. Search the 8.10 PeopleBooks for LDAP and you will find everything you need to configure it. Note that the web client itself (JAS server) does not authenticate against Active Directory. It is the E1 security kernel that connects to the LDAP server (in this case AD).

As mentioned by euane, there are considerations around user ID length. With the default LDAP mappings, the E1 user profile maps to the "common name (CN)" attribute in AD. With the E1 USER field limited to 10 characters, this default mapping requires you to put your 10-character E1 user ID into the common name. It is possible to map to another attribute on the AD record. Take a look at the LDAP mappings via the P95928 app.

Regards,
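
The check below is an added example, not part of the original post and not JD Edwards code: it reads an LDIF export of AD users and lists the accounts whose CN, or a candidate alternate attribute, would not fit the 10-character E1 USER field. The sample data is constructed, `sAMAccountName` is an assumed choice of alternate attribute (the post does not name one), and length is counted in characters.

```python
import base64

E1_USER_MAX = 10  # E1 USER field length, as stated in the post above

# Constructed sample LDIF export (not real directory data). It includes a
# folded line and base64 ("::") values, as LDIF uses for non-ASCII text.
SAMPLE_LDIF = """\
dn: CN=JSMITH,DC=example,DC=com
cn: JSMITH
sAMAccountName: jsmith

dn: CN=Adrian Example-Longname,DC=example,DC=com
cn: Adrian Example-
 Longname
sAMAccountName: aexample

dn:: Q049Sm9zw6kgR2FyY2lhLERDPWV4YW1wbGUsREM9Y29t
cn:: Sm9zw6kgR2FyY2lh
sAMAccountName: jgarciamartinez
"""

def parse_ldif(text):
    """Return a list of {attribute: value} dicts, one per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), value)  # keep the first value only
        if entry:
            entries.append(entry)
    return entries

def unmappable(entries, attr, limit=E1_USER_MAX):
    """Return {dn: value} where `attr` is missing or longer than `limit` characters."""
    return {e.get("dn", "?"): e.get(attr.lower())
            for e in entries
            if e.get(attr.lower()) is None or len(e[attr.lower()]) > limit}

if __name__ == "__main__":
    users = parse_ldif(SAMPLE_LDIF)
    for attr in ("cn", "sAMAccountName"):
        print(attr, "->", unmappable(users, attr))
```

Running it against a real export before changing the mapping shows which accounts need a shorter value in the chosen attribute; in the sample, the third account fails under both mappings.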
 
Hi

It was good to read your comments regarding AD. Where can I get all the information regarding how to set up single sign-on for the web client?

Regards,
Avinash
 