For the authentication of a user, Jedox can use external directory services such as Microsoft Active Directory Services or other LDAP directory services. Therefore, Jedox OLAP must be set up properly with Jedox Supervision Server, which is used to monitor actions in the Jedox OLAP Server. If an action (such as user logon) is controlled, a PHP script can start further actions.
Upon user logon, the following two Supervision actions are used:
If this event is intercepted, then the user/password combination transmitted from the client is not authenticated by Jedox itself, but will be transmitted by the Supervision Server to the established directory service. This service authenticates the user and, if successful, the user can work with Jedox.
The permissions (authorizations) are still administrated in Jedox. The user must be administrated both in the Directory Service as well as in Jedox. The user’s are administrated in Jedox.
In addition to user authentication, directory service returns all groups in which the user is a member. The advantage here is that the user does not have to be created in Jedox. The authorization takes place only according to the group level. In Jedox itself, only the groups and their assignments to roles must be administered; if user is deleted or assigned to other groups in the directory service, no further action is required. New users can also be added easily and centrally.
Note: deleting or renaming groups in the directory service must be adjusted in Jedox.
You will find an example in the sample folder of the SVS installation.