Aliases, Maiden Names and Nicknames
By Steven Chan-Development-Oracle on Aug 10, 2006
You know, I've never really understood how nicknames are worked out. It makes sense that Jon can be short for Jonathon. But how do you get from John to Jack? And from William to Bill?
Linking Apps Users with OID Users
If you've been following our series of articles on using Single Sign-On and Oracle Internet Directory 10g with the E-Business Suite, you know that we link user accounts in Oracle Internet Directory with their corresponding user accounts in the E-Business Suite, like this:
Every user in Oracle Internet Directory has a Global Unique Identifier (GUID). The E-Business Suite stores this Global Unique Identifier in its own user directory (FND_USER), creating a unique link between the two accounts.
Using Different Names in Apps and OID
Since the users are linked by a numerical Global Unique Identifier, it doesn't matter if their actual userids in the two namespaces don't match exactly. In addition to accommodating those mystifying nicknames, aliases, and maiden names, this is useful for integrating the E-Business Suite with LDAP directories with different userid naming conventions.
In the example above, the user's ID in Oracle Internet Directory is "john.smith", whereas his userid in Apps is "jsmith". The user logs on to Single Sign-On using his "john.smith" userid and transparently passes through to Apps with responsibilities tied to his "jsmith" account.
Assuming Multiple Identities
One of our largest E-Business Suite customers -- one of the world's largest multinationals -- has centralized their global business services. In this business model, a single purchasing agent acts as the purchaser for different geographic organizations.
Each of these different organizations has its own business setup, so separate user accounts have been created for each organization. A given purchasing agent logs into the E-Business Suite using different accounts.
The brute-force approach to handling this is to require the purchasing agent to remember different passwords for each account. A more elegant solution is to link his Oracle Internet Directory userid to each of the different Apps accounts, like this:
This "one-to-many" link is fully supported with both Release 11i and 12. In other words, you can link a single Oracle Internet Directory account to multiple Apps accounts.
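Because one Oracle Internet Directory login reaches every Apps account linked to its GUID, it is worth reviewing which GUIDs fan out to several accounts. The sketch below is an added example, not code from the original post or from Oracle: it models the link as one GUID slot per Apps account in a constructed in-memory table (the table name `apps_user`, its columns, the GUID values and all account names except "jsmith" are assumptions), reports one-to-many links and unlinked accounts, and refuses a second GUID on the same account, in line with the post's statement that many-to-one links are not supported.

```python
import sqlite3

# Constructed sample rows: (Apps userid, linked OID GUID or None). Only "jsmith"
# comes from the post; the other names and all GUID values are made up.
SAMPLE_ROWS = [
    ("jsmith", "GUID-0001"),
    ("buyer_emea", "GUID-0002"),
    ("buyer_apac", "GUID-0002"),
    ("buyer_amer", "GUID-0002"),
    ("local_admin", None),
]

def build_sample_db(rows=SAMPLE_ROWS):
    """In-memory stand-in for the Apps user table: one GUID slot per account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apps_user (user_name TEXT PRIMARY KEY, user_guid TEXT)")
    conn.executemany("INSERT INTO apps_user VALUES (?, ?)", rows)
    return conn

def link(conn, user_name, guid):
    """Record a link; refuse a second, different GUID on one Apps account."""
    row = conn.execute(
        "SELECT user_guid FROM apps_user WHERE user_name = ?", (user_name,)).fetchone()
    if row is None:
        raise KeyError(user_name)
    if row[0] not in (None, guid):
        raise ValueError(f"{user_name} is already linked to {row[0]}")
    conn.execute("UPDATE apps_user SET user_guid = ? WHERE user_name = ?", (guid, user_name))

def one_to_many_links(conn):
    """Return {guid: [Apps accounts]} for each GUID linked to more than one account."""
    groups = {}
    for guid, name in conn.execute(
            "SELECT user_guid, user_name FROM apps_user "
            "WHERE user_guid IS NOT NULL ORDER BY user_guid, user_name"):
        groups.setdefault(guid, []).append(name)
    return {guid: names for guid, names in groups.items() if len(names) > 1}

def unlinked_accounts(conn):
    """Return Apps accounts that have no OID GUID recorded."""
    rows = conn.execute(
        "SELECT user_name FROM apps_user WHERE user_guid IS NULL ORDER BY user_name")
    return [name for (name,) in rows]
```
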
"Many-to-one" links are not supported, however. In other words, it's not possible to link multiple Oracle Internet Directory accounts with a single Apps account.
Integration with Third-Party LDAP Directories
You might have a third-party LDAP whose userid naming conventions differ from your E-Business Suite environment. If so, your best approach is to ensure that Oracle Internet Directory is populated with those third-party userids, like this:
Critical or Irrelevant?
I'm interested in hearing how useful this functionality really is for you, so if you're using any of the account linking techniques described in this article, please drop me a line with your experiences.
- Password Management with Oracle Internet Directory
- Password Management with Third-Party Solutions
- In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i
- Identity Management in Release 12
- In-Depth: Using OracleAS 10g with E-Business Suite Release 11
- In-Depth: Using Single Sign-On 10g with E-Business Suite Release 11i
- Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On (Metalink Note 261914.1)