How to Configure OEM 12c Cloud Control Auto Provision with OID for Segregated / Different Groups and Members? (Doc ID 2128325.1)

Last updated on NOVEMBER 14, 2019

Applies to:

Goal

Integrating Oracle Enterprise Manager (EM) 12c Cloud Control with Oracle Internet Directory (OID) 11g.

Followed:
Oracle® Enterprise Manager Cloud Control Security Guide 12c Release 5 (12.1.0.5) E36415-07
Chapter 2 Security Features
Section 2.1.6 Oracle Internet Directory (OID)

Able to configure OID and Microsoft (MS) Active Directory (AD) logins on EM 12c Cloud Control without auto provision with one group.

However this is also allowing all users to login and get an account created on OEM when using autoprovision.

There are a number of team, say 4 teams, each team with a few members.  Each team needs to have different OEM roles.

How to set up those different groups and add users for auto provision?

Adding new groups in OID and assigning the desired members works, but if a user is not part of those groups, it is still able to login and create id on Cloud Control. No roles for those IDs get assigned, however OEM should not have allowed the user to login in the first place.

How to properly create segregated groups with different access for each group so they work with OEM 12c and auto-provision as desired?

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.