Upload
alvaro-alcocer-sotil
View
231
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 1
These training materials are confidential to Siebel. They may not be used to train anyone other than Accenture employees who have attended Siebel training.
If the materials are marked "Restricted Use Allowed" you may use the information to help clients who are evaluating vendors, one of which must be Siebel and you may use the information to help clients which are implementing Siebel.
If they are not so marked, then the information may only be used to help clients who are implementing Siebel.
In either case, you can not;(a) use the materials if you are involved developing or are likely to be involved in developing a product competitive to Siebel(b)use the materials for a client who is a competitor of Siebel; or(c) provide the materials to any third party, whether it is a client or otherwise.
If you are going to be discussing Siebel with a client and using these training materials as the basis of information you provide to the client, you must also make sure Accenture has a nondisclosure agreement in place with the client (as part of a Consulting Services Agreement or otherwise).
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 2
Please adjust volume to hear audio.Audio will play automatically for each slide upon advance.You may replay audio by clicking on the speaker icon in the upper right hand corner of each slide.
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 3
Creating an Organization and Authenticating Users
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 4
Module Objectives
This module will accomplish the following:
• Define your company’s organizational hierarchy in the Siebel application
• Describe the difference between authentication and Access Control
• Describe internal and external authentication and how each works in Siebel eBusiness applications
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 5
Organizational Hierarchy
• Allows for the definition of organizations, divisions, and positions
• Use a top-down approach to define the company structure
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 6
Defining Company Structure • Create the company structure by defining:
Organizations Divisions Positions Responsibilities Employees
• Company structure determines the records and views to which employees have access
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 7
Defining Organizations and Divisions
• Allows your company to: Partition itself into logical groups, and then segregate data based on
these groups Limit access to data based on the organization(s) and divisions(s) to
which positions are assigned
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 8
Defining Divisions
• Navigate to Group AdministrationDivisions
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 9
Defining Organizations
• Set Organization Flag to make a division an organization
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 10
Defining Organizations (cont’d)
• Navigate to Group AdministrationOrganizations
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 11
Defining Employees• Navigate to User AdministrationEmployees to define
employees
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 12
Defining Positions• Navigate to Group AdministrationPositions
• Create positions based on your reporting structure Ask the question “Who needs to see what?”
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 13
Defining Responsibilities
• Navigate to Application AdministrationResponsibilities
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 14
Position and Responsibility
• There is no relationship between position and responsibility
• Employees are assigned: One or more positions One or more responsibilities
Return to Knowledge Check
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 15
User Authentication• Authentication:
Determines and validates the user’s identity Is controlled inside or outside of the Siebel application 3 Types of Authentication:
• Database Authentication• Security Adapter Authentication• Web single Sign on
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 16
Open Authentication Architecture• Open Authentication adaptor provides three approaches for
authentication
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 17
Siebel Authentication Manager• Runs within the Siebel object manager
• Verifies credentials
• Establishes connection to Siebel database
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 18
Two Types of Authentication• Internal authentication:
Verifies against the relational database (RDBMS) and Siebel application
• Also known as database authentication
• External authentication: Uses an external file (or directory) and security adapter to
authenticate users
Return to Knowledge Check
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 19
Internal Authentication• Requires a database (RDBMS) login
and password for each user
• Is the default for Siebel applications
• Authenticates users accessing one or more Siebel applications
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 20
Example of Internal Authentication
• Scenario: Rob is a new employee and requires access to Siebel Call Center
• Administration steps:1) Database Administrator (DBA) creates RDBMS login and
password2) DBA grants user proper access rights3) System administrator creates Siebel employee record, which
defines login, position, and responsibility
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 21
Example of Internal Authentication (cont’d)
• User authentication steps: 1) Rob enters credentials (login and password) in Siebel Call
Center login form 2) Rob’s login and password are verified in RDBMS3) Rob’s position and responsibility are determined in the Siebel
application4) Rob starts using Siebel Call Center 5) If Rob’s credentials are not validated in the RDBMS and Siebel
application, he receives an error message at login
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 22
External Authentication• Uses an external directory containing
user credential and administrative information
• Allows for centralized management of user authentication across Siebel and non-Siebel applications
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 23
External Authentication (cont’d)• Standard Siebel software provides prebuilt security adapters
for LDAP and ADSI Lightweight Directory Access Protocol (LDAP) is an open network
protocol • LDAP security adapter allows Siebel applications to access standard
LDAP directories
Active Directory Service (ADSI)• ADSI security adapter allows Siebel applications to access Microsoft
Active Directory
Security Adaptor Software Developers Kit• API documentation and sample code for building custom adaptors
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 24
Example of External Authentication
• Scenario: Mary is a new customer and needs access to Siebel eService
• Administration steps1) Enable eService to communicate with external directory by
updating parameters in eservice.cfg and eapps.cfg• Restart Siebel Server to activate changes in eservice.cfg• Restart Siebel Server and Web Server to activate changes in eapps.cfg
2) Update system preferences3) Activate user registration workflows
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 25
Benefits of External Authentication
• From a user perspective Allows for login maintenance and self-registration Allows for Web Single Sign On
• Ability to log in only once and access all applications within a Web site or portal
• From an administration perspective Reduces overhead by not having to maintain database logins
and passwords for each and every user External directory can be used for other applications
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 26
Maintaining Login Information• External authentication allows Web users to maintain their login
information Reduces burden on system administrator to maintain user login
information
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 27
Web Single Sign on (SSO)• Allows users to log in once via the Web to access multiple
applications at a given site Siebel applications support Web Single Sign On by allowing users
to provide one set of credentials for access to multiple applications
• Authentication occurs at Web server level, not at application level Credential collection and verification is external to Siebel
applications
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 28
Web Single Sign on Configuration • Web Server (IIS, iPlanet, IBM HIS)
Create a protected virtual directory Configure authentication client
• Siebel Web Server Extension Edit eApps.cfg to designate the variable through which the
authenticated user identifier will be passed
• Siebel Security Adaptor Edit application CFG file to set security adaptor in Single Sign On
mode
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 29
Web Single Sign On - Shared Infrastructure
• Centralizes authentication for all Web Applications
• Maintains global “Web site” session
• “Pluggable” at the Web server level
• Examples: Web server basic authentication SSL with client authentication Commercial authentication/authorization
servers
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 30
Web Single Sign on (SSO) - Data Flow
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 31
Guidelines for Using Authentication
Requires no additional infrastructure components
Supports dynamic user registration
Limits number of database accounts on RDBMS
Database Authenticati
on
Supports Web SSO
Offers centralized store for user credentials and roles
WebSSO
Security Adapter
Desired Deployment or Functionality
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 32
Summary
Now that you have completed this module, you shouldbe able to:
• Define your company’s organizational hierarchy in the Siebel application
• Describe the difference between authentication and Access Control
• Describe internal and external authentication and how each works in Siebel eBusiness applications
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 33
Knowledge Check
Question AnswerDefine your company’s organizational hierarchy inthe Siebel application.
• Navigate to Group Administration-> Divisions• Set Organizational Flag to make a division an or
ganization• Navigate to Group Administration-> Organizatio
ns• Navigate to User Administration-> Employees to
define employees• Navigate to Group Administration->Positions• Create positions based on your reporting structu
re• Navigate to Application Administration-> Respo
nsibilities• Create Responsibilities• Assign Responsibilities and Positions to Employ
ees
Take this opportunity to check your knowledge of the concepts presented in this module. Try to answer the questions on the slide. The answer for each question will pop up as you advance the slide. Each answer may link back to the area within the presentation where that concept is presented. At the end of the section referenced you will find a ‘Return to Knowledge Check’ hyperlink, which will take you back to this slide.
Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 34
Knowledge Check (cont’d)
Question AnswerDescribe the difference between authenticationand Access Control.
Describe internal and external authentication.
User authentication determines and validates the user’s identity.
Access control restricts what is seen in the application according to view access, customer data, master data and application access.
Internal authentication: verifies the relational database and Siebel application.External authentication: uses an external file (or directory) and security adapter to authenticate users.
Take this opportunity to check your knowledge of the concepts presented in this module. Try to answer the questions on the slide. The answer for each question will pop up as you advance the slide. Each answer may link back to the area within the presentation where that concept is presented. At the end of the section referenced you will find a ‘Return to Knowledge Check’ hyperlink, which will take you back to this slide.