This will take you through the steps to have BI users authenticate against Active Directory. The users already defined in BI can still login. For example, the user “weblogic”.
Open the admin console http://obiee.example-domain.com:7001/console.
Go to Security Realms/myRealm/Providers tab/Authentication [Lock & Edit]
Click New. type ActiveDirectoryAuthenticator, eg myADAuthenticator
Set the control flag to Sufficient. This ensures that either authentication in AD or in BI is sufficient to let a user login. It means you’ll still be able to use the “weblogic” account. For that, you must set to Sufficient the control flag of the default authenticator. If you forget this, the AD users will not be able to login.
Click on myADAuthenticator, go to Provider Specific tab
Input host of AD server and a user
userbase DN: ou=wlsusers,dc=example-domain,dc=com
If you can’t get it to work with “ou=wlsusers,dc=…”, you can also try only “dc=example-domain,dc=com”, but this means that all your AD users will be able to login into BI.
All users filter: (&(sAMAccountName=*)(objectclass=user))
User From Name Filter: (&(sAMAccountName=*)(objectclass=user))
Now restart the admin server.
Then you have to add three keys in the identity store provider.
Enterprise Manager, WebLogic Domain, bifoundation_domain, Security, Security Provider Configuration, Identity Store Provider, Configure
These are the keys:
Then you should define three groups in AD and add them to the corresponding roles in BI.