Guidelines for Authentication

Enable External Authentication

Enterprise Manager offers multiple methods of authentication. In addition to the predefined methods, a customized provider/module can be plugged in to Enterprise Manager authentication. The default system authentication method is the standard Repository based authentication. Additional predefined methods include:

  • Oracle Single Sign-On (OSSO)

  • Enterprise User Security (EUS)

  • Integration with Oracle Access Manager Single Sign-On (OAM SSO)

  • Direct LDAP integration (Oracle Internet Directory, Microsoft Active Directory)

  • Security Assertion Markup Language (SAML)

For detailed information about how to configure Enterprise Manager to use the predefined providers, see Configuring Authentication.

Using one of the extended authentication modules lets you take advantage of centralized identity management across the enterprise and rely on the external identity management system for password security compliance, password changes and resets. To create a user in Enterprise Manager with external authentication, you select the external flag upon creation: during creation of every new user in Enterprise Manager you are prompted for that user's mode of authentication, either via an external identity store such as Oracle Access Manager (OAM), LDAP or Oracle Internet Directory (OID), or internally via the Enterprise Manager Repository.

When the account is deleted from the identity management system, it can no longer authenticate to Enterprise Manager, but the corresponding Enterprise Manager user still needs to be removed manually. Ideally, a script or job could be run to remove the user from Enterprise Manager once it has been removed from the identity management system.

When using external authentication, Enterprise Manager allows the creation of external roles that map by name to the identity management system's groups (Enterprise Manager role DBA maps to LDAP group DBA), allowing synchronized user access and privileges based on external group membership.

Target authentication provides access to the host, database or application targets managed through Enterprise Manager. Using strong target authentication methods, using named credentials and configuring database password profiles are a few ways to ensure secure target authentication.

To ensure target authentication security, choose strong host and database authentication methods. Credentials for target access are encrypted and stored in Enterprise Manager. Enterprise Manager now supports strong authentication such as SSH keys for hosts and Kerberos tickets for databases. These credentials can be used by jobs, deployment procedures and other subsystems.

Best Practices for Authentication

  • Integrate with corporate identity management system for enterprise wide authentication

  • Use external roles to automatically assign privileges to users based on external group membership

  • Automate user creation/deletion based on external group membership using EMCLI

  • Utilize strong authentication methods (SSH for host, Kerberos for database)

  • For local accounts set up password policies
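The guidelines above note that an external user removed from the identity store is not removed from Enterprise Manager automatically and recommend automating that cleanup with EMCLI. The following reconciliation script is an added example, not part of the Oracle guide: it takes two plain-text lists (external user names known to Enterprise Manager, and current members of the corporate directory group, one name per line, however you obtain them), prints or runs an `emcli delete_user -name=...` for each orphaned user, and refuses to act when the directory list is empty or the orphan count is suspiciously large, so a failed directory query cannot wipe every user. The `emcli delete_user` verb and the two input files are assumptions; the sample names are constructed.

```shell
#!/bin/sh
# Added example: reconcile Enterprise Manager external users against a directory group.
# Input files: EM_FILE lists external EM users, LDAP_FILE lists directory group members,
# one name per line (produce them with emcli / ldapsearch; their formats are assumptions).

# normalize FILE: upper-case names, drop blank lines, sort uniquely for comm(1)
normalize() {
    tr '[:lower:]' '[:upper:]' < "$1" | grep -v '^[[:space:]]*$' | LC_ALL=C sort -u
}

# compute_orphans EM_FILE LDAP_FILE: names present in EM but absent from the directory
compute_orphans() {
    em_sorted=$(mktemp); ldap_sorted=$(mktemp)
    normalize "$1" > "$em_sorted"
    normalize "$2" > "$ldap_sorted"
    LC_ALL=C comm -23 "$em_sorted" "$ldap_sorted"   # lines only in the EM list
    rm -f "$em_sorted" "$ldap_sorted"
}

# reconcile EM_FILE LDAP_FILE [apply]: dry run unless third argument is "apply"
reconcile() {
    members=$(normalize "$2" | wc -l | tr -d ' ')
    if [ "$members" -eq 0 ]; then
        echo "refusing to reconcile: directory group is empty (failed query?)" >&2
        return 1
    fi
    orphans=$(compute_orphans "$1" "$2")
    count=$(printf '%s\n' "$orphans" | grep -c . || true)
    if [ "$count" -gt "${MAX_ORPHANS:-10}" ]; then
        echo "refusing to reconcile: $count orphans exceed MAX_ORPHANS" >&2
        return 2
    fi
    for u in $orphans; do                    # EM user names contain no whitespace
        if [ "$3" = "apply" ]; then
            emcli delete_user -name="$u"     # assumed EMCLI verb; runs only with "apply"
        else
            echo "would run: emcli delete_user -name=$u"
        fi
    done
}

# Constructed sample input: BOB has left the directory group, DAVE has not yet been created in EM.
EM_SAMPLE=$(mktemp); LDAP_SAMPLE=$(mktemp)
printf 'ALICE\nBOB\nCAROL\n' > "$EM_SAMPLE"
printf 'alice\ncarol\ndave\n' > "$LDAP_SAMPLE"
reconcile "$EM_SAMPLE" "$LDAP_SAMPLE"       # dry run: prints the delete for BOB only
```

Run it from a scheduled job with `apply` as the third argument once the dry-run output has been reviewed; the script does not create missing users (DAVE above), which the guide suggests automating separately.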