Oracle Business Intelligence 11gR2 authentication to Microsoft Active Directory

This post takes you through the steps to have BI users authenticate against Active Directory. The users already defined in BI, for example the user “weblogic”, can still log in.

Open the admin console

Go to Security Realms/myRealm/Providers tab/Authentication [Lock & Edit]


Click New. Choose the type ActiveDirectoryAuthenticator and give it a name, e.g. myADAuthenticator.


Set the control flag to Sufficient. This ensures that authentication in either AD or BI is sufficient to let a user log in, so you’ll still be able to use the “weblogic” account. For this to work, you must also set the control flag of the default authenticator to Sufficient. If you forget this, the AD users will not be able to log in.


Click on myADAuthenticator and go to the Provider Specific tab.

Enter the host of the AD server and a user.

User Base DN: ou=wlsusers,dc=example-domain,dc=com

If you can’t get it to work with “ou=wlsusers,dc=…”, you can also try only “dc=example-domain,dc=com”, but this means that all your AD users will be able to log in to BI.

All users filter: (&(sAMAccountName=*)(objectclass=user))

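User From Name Filter: (&(sAMAccountName=%u)(objectclass=user))

Here “%u” is the placeholder that WebLogic replaces with the name entered at login, so the filter selects that one account. With “*” in its place the filter would match every user instead of the one logging in.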

Now restart the admin server.
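To see which accounts a given base DN and filter pair makes eligible, the following added example (not part of the original post, and not WebLogic's own code) models the subtree search over a constructed three-entry directory. The entries and helper names are assumptions; “%u” is the placeholder WebLogic replaces with the login name.

```python
import re

# Constructed sample directory (DN, attributes); these are not real accounts.
ENTRIES = [
    ("cn=Ann Lee,ou=wlsusers,dc=example-domain,dc=com",
     {"sAMAccountName": "alee", "objectclass": ["top", "person", "user"]}),
    ("cn=Bob Ray,ou=finance,dc=example-domain,dc=com",
     {"sAMAccountName": "bray", "objectclass": ["top", "person", "user"]}),
    ("cn=BI Readers,ou=wlsusers,dc=example-domain,dc=com",
     {"sAMAccountName": "bireaders", "objectclass": ["top", "group"]}),
]
OU_BASE = "ou=wlsusers,dc=example-domain,dc=com"   # base DN from the page
ROOT_BASE = "dc=example-domain,dc=com"             # the wider fallback base DN
ALL_USERS = "(&(sAMAccountName=*)(objectclass=user))"
BY_NAME = "(&(sAMAccountName=%u)(objectclass=user))"

def escape_value(value):
    """Escape RFC 4515 special characters before placing a login name in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def under_base(dn, base_dn):
    """Subtree scope: the DN is the base DN itself or ends with ',' + base DN."""
    norm = lambda s: re.sub(r"\s*,\s*", ",", s.strip().lower())
    return norm(dn) == norm(base_dn) or norm(dn).endswith("," + norm(base_dn))

def matches(attrs, ldap_filter):
    """Evaluate an AND of (attr=value) terms; a bare '*' is a presence test."""
    have = {k.lower(): v if isinstance(v, list) else [v] for k, v in attrs.items()}
    for attr, want in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter):
        values = have.get(attr.lower())
        if values is None:
            return False
        if want == "*":
            continue
        want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), want)
        if want.lower() not in [v.lower() for v in values]:
            return False
    return True

def search(base_dn, filter_template, login=""):
    """Return the sAMAccountName of every entry in scope that matches the filter."""
    ldap_filter = filter_template.replace("%u", escape_value(login))
    return sorted(a["sAMAccountName"] for dn, a in ENTRIES
                  if under_base(dn, base_dn) and matches(a, ldap_filter))

if __name__ == "__main__":
    print(search(OU_BASE, ALL_USERS), search(ROOT_BASE, ALL_USERS))
    print(search(OU_BASE, BY_NAME, "bray"), search(ROOT_BASE, BY_NAME, "bray"))
```

With the OU base DN only the account inside ou=wlsusers is selected; with the domain-wide base DN the account from the other OU becomes eligible as well, while the group entry is excluded by objectclass=user in both cases.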

Then you have to add three keys in the identity store provider.

Enterprise Manager, WebLogic Domain, bifoundation_domain, Security, Security Provider Configuration, Identity Store Provider, Configure


These are the keys:

  1. user.login.attr=sAMAccountName
  2. username.attr=sAMAccountName
  3. virtualize=true


Then you should define three groups in AD and add them to the corresponding roles in BI.

  1. AD_BIAdministrator
  2. AD_BIAuthor
  3. AD_BIConsumer


That's all. You should now be able to log in to BI with your domain user.