18 c oand_au

Siebel 2001 Configuration ©Accenture Creating an Organization and Authenticating Users - 1

These training materials are confidential to Siebel. They may not be used to train anyone other than Accenture employees who have attended Siebel training.

If the materials are marked "Restricted Use Allowed" you may use the information to help clients who are evaluating vendors, one of which must be Siebel and you may use the information to help clients which are implementing Siebel.

If they are not so marked, then the information may only be used to help clients who are implementing Siebel.

In either case, you can not;(a) use the materials if you are involved developing or are likely to be involved in developing a product competitive to Siebel(b)use the materials for a client who is a competitor of Siebel; or(c) provide the materials to any third party, whether it is a client or otherwise.

If you are going to be discussing Siebel with a client and using these training materials as the basis of information you provide to the client, you must also make sure Accenture has a nondisclosure agreement in place with the client (as part of a Consulting Services Agreement or otherwise).


Please adjust volume to hear audio.Audio will play automatically for each slide upon advance.You may replay audio by clicking on the speaker icon in the upper right hand corner of each slide.


Creating an Organization and Authenticating Users


Module Objectives

This module will accomplish the following:

• Define your company’s organizational hierarchy in the Siebel application

• Describe the difference between authentication and Access Control

• Describe internal and external authentication and how each works in Siebel eBusiness applications


Organizational Hierarchy

• Allows for the definition of organizations, divisions, and positions

• Use a top-down approach to define the company structure


Defining Company Structure • Create the company structure by defining:

Organizations Divisions Positions Responsibilities Employees

• Company structure determines the records and views to which employees have access


Defining Organizations and Divisions

• Allows your company to: Partition itself into logical groups, and then segregate data based on

these groups Limit access to data based on the organization(s) and divisions(s) to

which positions are assigned


Defining Divisions

• Navigate to Group AdministrationDivisions


Defining Organizations

• Set Organization Flag to make a division an organization


Defining Organizations (cont’d)

• Navigate to Group AdministrationOrganizations


Defining Employees• Navigate to User AdministrationEmployees to define

employees


Defining Positions• Navigate to Group AdministrationPositions

• Create positions based on your reporting structure Ask the question “Who needs to see what?”


Defining Responsibilities

• Navigate to Application AdministrationResponsibilities


Position and Responsibility

• There is no relationship between position and responsibility

• Employees are assigned: One or more positions One or more responsibilities

Return to Knowledge Check


User Authentication• Authentication:

Determines and validates the user’s identity Is controlled inside or outside of the Siebel application 3 Types of Authentication:

• Database Authentication• Security Adapter Authentication• Web single Sign on


Open Authentication Architecture• Open Authentication adaptor provides three approaches for

authentication


Siebel Authentication Manager• Runs within the Siebel object manager

• Verifies credentials

• Establishes connection to Siebel database


Two Types of Authentication• Internal authentication:

Verifies against the relational database (RDBMS) and Siebel application

• Also known as database authentication

• External authentication: Uses an external file (or directory) and security adapter to

authenticate users

Return to Knowledge Check


Internal Authentication• Requires a database (RDBMS) login

and password for each user

• Is the default for Siebel applications

• Authenticates users accessing one or more Siebel applications


Example of Internal Authentication

• Scenario: Rob is a new employee and requires access to Siebel Call Center

• Administration steps:1) Database Administrator (DBA) creates RDBMS login and

password2) DBA grants user proper access rights3) System administrator creates Siebel employee record, which

defines login, position, and responsibility


Example of Internal Authentication (cont’d)

• User authentication steps: 1) Rob enters credentials (login and password) in Siebel Call

Center login form 2) Rob’s login and password are verified in RDBMS3) Rob’s position and responsibility are determined in the Siebel

application4) Rob starts using Siebel Call Center 5) If Rob’s credentials are not validated in the RDBMS and Siebel

application, he receives an error message at login


External Authentication• Uses an external directory containing

user credential and administrative information

• Allows for centralized management of user authentication across Siebel and non-Siebel applications


External Authentication (cont’d)• Standard Siebel software provides prebuilt security adapters

for LDAP and ADSI Lightweight Directory Access Protocol (LDAP) is an open network

protocol • LDAP security adapter allows Siebel applications to access standard

LDAP directories

Active Directory Service (ADSI)• ADSI security adapter allows Siebel applications to access Microsoft

Active Directory

Security Adaptor Software Developers Kit• API documentation and sample code for building custom adaptors


Example of External Authentication

• Scenario: Mary is a new customer and needs access to Siebel eService

• Administration steps1) Enable eService to communicate with external directory by

updating parameters in eservice.cfg and eapps.cfg• Restart Siebel Server to activate changes in eservice.cfg• Restart Siebel Server and Web Server to activate changes in eapps.cfg

2) Update system preferences3) Activate user registration workflows


Benefits of External Authentication

• From a user perspective Allows for login maintenance and self-registration Allows for Web Single Sign On

• Ability to log in only once and access all applications within a Web site or portal

• From an administration perspective Reduces overhead by not having to maintain database logins

and passwords for each and every user External directory can be used for other applications


Maintaining Login Information• External authentication allows Web users to maintain their login

information Reduces burden on system administrator to maintain user login

information


Web Single Sign on (SSO)• Allows users to log in once via the Web to access multiple

applications at a given site Siebel applications support Web Single Sign On by allowing users

to provide one set of credentials for access to multiple applications

• Authentication occurs at Web server level, not at application level Credential collection and verification is external to Siebel

applications


Web Single Sign on Configuration • Web Server (IIS, iPlanet, IBM HIS)

Create a protected virtual directory Configure authentication client

• Siebel Web Server Extension Edit eApps.cfg to designate the variable through which the

authenticated user identifier will be passed

• Siebel Security Adaptor Edit application CFG file to set security adaptor in Single Sign On

mode


Web Single Sign On - Shared Infrastructure

• Centralizes authentication for all Web Applications

• Maintains global “Web site” session

• “Pluggable” at the Web server level

• Examples: Web server basic authentication SSL with client authentication Commercial authentication/authorization

servers


Web Single Sign on (SSO) - Data Flow


Guidelines for Using Authentication

Requires no additional infrastructure components

Supports dynamic user registration

Limits number of database accounts on RDBMS

Database Authenticati

on

Supports Web SSO

Offers centralized store for user credentials and roles

WebSSO

Security Adapter

Desired Deployment or Functionality


Summary

Now that you have completed this module, you shouldbe able to:

• Define your company’s organizational hierarchy in the Siebel application

• Describe the difference between authentication and Access Control

• Describe internal and external authentication and how each works in Siebel eBusiness applications


Knowledge Check

Question AnswerDefine your company’s organizational hierarchy inthe Siebel application.

• Navigate to Group Administration-> Divisions• Set Organizational Flag to make a division an or

ganization• Navigate to Group Administration-> Organizatio

ns• Navigate to User Administration-> Employees to

define employees• Navigate to Group Administration->Positions• Create positions based on your reporting structu

re• Navigate to Application Administration-> Respo

nsibilities• Create Responsibilities• Assign Responsibilities and Positions to Employ

ees

Take this opportunity to check your knowledge of the concepts presented in this module. Try to answer the questions on the slide. The answer for each question will pop up as you advance the slide. Each answer may link back to the area within the presentation where that concept is presented. At the end of the section referenced you will find a ‘Return to Knowledge Check’ hyperlink, which will take you back to this slide.


Knowledge Check (cont’d)

Question AnswerDescribe the difference between authenticationand Access Control.

Describe internal and external authentication.

User authentication determines and validates the user’s identity.

Access control restricts what is seen in the application according to view access, customer data, master data and application access.

Internal authentication: verifies the relational database and Siebel application.External authentication: uses an external file (or directory) and security adapter to authenticate users.

Take this opportunity to check your knowledge of the concepts presented in this module. Try to answer the questions on the slide. The answer for each question will pop up as you advance the slide. Each answer may link back to the area within the presentation where that concept is presented. At the end of the section referenced you will find a ‘Return to Knowledge Check’ hyperlink, which will take you back to this slide.

Technology

18 c oand_au