locked
Single Sign On Hyperion RRS feed

  • Question

  • One of our customers is looking for a single sign on service for their Hyperion application. I would have proposed MIIS, but couldn't find any relating information.
    Has anyone implemented this? Or could anyone tell me if MIIS is a suitable option?
    Wednesday, February 28, 2007 5:10 PM

Answers

  • MIIS is not an authentication service.

    The goal of MIIS is to implement a solution for managing distributed identities from a central point. MIIS has some password synchronization capabilities. However, as mentioned before, it does not do any authentication.

     

     

    Cheers,

    Markus

     

    ///////////////////////////////////////////////////////////////////////
    Markus Vilcinskas

    Technical Writer
    Microsoft Identity Integration Server
    mailto:markvi@microsoft.com.NO_SPAM

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/copyright.htm
    ///////////////////////////////////////////////////////////////////////

     

     

    Thursday, March 1, 2007 8:47 AM
    Moderator
  • I believe that Chris is on the right on about how you will be able to use MIIS. Hyperion can be set up to use AD or any other LDAP to authenticate the users and then assign groups from AD or the other LDAP to roles in Hyperion Shared Services. Once you have that set up then you can use MIIS to populate those groups based on your business rules and the state of the metaverse object.

    Hyperion (which was just acquired by Oracle this past week for several billion) enables that through Hyperion® System™ 9 Foundation Services™ which provides a single signon among their own applications. According to http://www.hyperion.com/products/resource_library/product_collateral/Foundation_Services_Product_Family.pdf, Shared Services, which is a part of Foundation services, has user provisioning and management enabling single sign on to all of their applications and "Security/Authentication stores user login information outside Hyperion System 9 ... maintained in ... LDAP, ... Active Directory, or [Winnt]."

    I am unsure of the cost of Foundation Services.

    Saturday, March 3, 2007 3:26 PM

All replies

  • MIIS is not an authentication service.

    The goal of MIIS is to implement a solution for managing distributed identities from a central point. MIIS has some password synchronization capabilities. However, as mentioned before, it does not do any authentication.

     

     

    Cheers,

    Markus

     

    ///////////////////////////////////////////////////////////////////////
    Markus Vilcinskas

    Technical Writer
    Microsoft Identity Integration Server
    mailto:markvi@microsoft.com.NO_SPAM

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/copyright.htm
    ///////////////////////////////////////////////////////////////////////

     

     

    Thursday, March 1, 2007 8:47 AM
    Moderator
  • What are your requirements for Single Sign-On and does Hyperion have an option to use AD or ADAM as an authenticator?  If the answer is no and integrating the back-end is not an option then I would recommend Version 3's Simple Sign-On product.  There app does quite a lot, requires no infrastructure and is fully integrated into AD so you don't have to - you do have to be versed in VBS or .NET in order to write the automation scripts however.
    Friday, March 2, 2007 4:57 AM
  • If I’m correct, Hyperion operates on an Oracle back-end. Unless the application itself doesn’t have the ability to use AD out of the box, you can explore the Oracle Advanced Security Components which has the ability to configure Oracle applications to use AD as the primary authentication provider.  This would allow you to maintain a common platform and centralize authentication for SSO. Additionally, this provides the possibilities for managing authorization through AD Security Groups. From here, you can leverage group management features in MIIS for automating role based security controls.

    Anything Oracle is very expensive, so you’d have to weigh your options.

    Saturday, March 3, 2007 6:23 AM
  • Thanks Chris, that was going to be my next question - what is the licensing costs involved in adding this functionality.  Of course, you'd have to weigh the costs of purchasing or developing your own SSO solution and of course direct AD integration is always preferred.
    Saturday, March 3, 2007 3:01 PM
  •  

        I know almost nothing about Hyperion except that we are using it.   Our Hyperion support asked us about authenticating with AD.  From what I remember, they could use NTLM or LDAP.    I started working with them but they never completed the project. 

     

    Ernie

    Saturday, March 3, 2007 3:12 PM
  • I believe that Chris is on the right on about how you will be able to use MIIS. Hyperion can be set up to use AD or any other LDAP to authenticate the users and then assign groups from AD or the other LDAP to roles in Hyperion Shared Services. Once you have that set up then you can use MIIS to populate those groups based on your business rules and the state of the metaverse object.

    Hyperion (which was just acquired by Oracle this past week for several billion) enables that through Hyperion® System™ 9 Foundation Services™ which provides a single signon among their own applications. According to http://www.hyperion.com/products/resource_library/product_collateral/Foundation_Services_Product_Family.pdf, Shared Services, which is a part of Foundation services, has user provisioning and management enabling single sign on to all of their applications and "Security/Authentication stores user login information outside Hyperion System 9 ... maintained in ... LDAP, ... Active Directory, or [Winnt]."

    I am unsure of the cost of Foundation Services.

    Saturday, March 3, 2007 3:26 PM
  • I believe Hyperion is claims aware, which would allow you to leverage ADFS for authentication.

    Wednesday, March 27, 2013 2:46 PM