How to Configure OEM 12c Cloud Control Auto Provision with OID for Segregated / Different Groups and Members? (Doc ID 2128325.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Enterprise Manager Base Platform - Version 12.1.0.1.0 and later
Information in this document applies to any platform.

Goal

Integrating Oracle Enterprise Manager (EM) 12c Cloud Control with Oracle Internet Directory (OID) 11g.

Followed:
Oracle® Enterprise Manager Cloud Control Security Guide 12c Release 5 (12.1.0.5) E36415-07
Chapter 2 Security Features
Section 2.1.6 Oracle Internet Directory (OID)

Able to configure OID and Microsoft (MS) Active Directory (AD) logins on EM 12c Cloud Control without auto provision with one group.

However this is also allowing all users to login and get an account created on OEM when using autoprovision.

There are a number of team, say 4 teams, each team with a few members.  Each team needs to have different OEM roles.

How to set up those different groups and add users for auto provision?

Adding new groups in OID and assigning the desired members works, but if a user is not part of those groups, it is still able to login and create id on Cloud Control. No roles for those IDs get assigned, however OEM should not have allowed the user to login in the first place.

How to properly create segregated groups with different access for each group so they work with OEM 12c and auto-provision as desired?

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms