Skip to content

Frequently Asked Questions

Security & Data

How does AgentCube handle security and data entitlements?

AgentCube passes the authenticated user identity through to Oracle EPM via SSO. All data access is governed by the native security filters configured in your Oracle environment. Users only see data they are entitled to — the AI assistant never receives restricted data.

Can two users with different entitlements use the same AgentCube connector?

Yes. Each user authenticates independently via SSO. Their Oracle entitlements are enforced per-session. A user with North America-only access will see different results than a user with full global access, even when asking the same question.

Does AgentCube cache or store any data from Oracle?

No. Every query is executed in real-time against the Oracle EPM server with the user's security context. No data is cached, stored, or used for AI model training.

Compatibility

What Oracle EPM systems are supported?

AgentCube currently supports Oracle Essbase 21c and Oracle EPM Planning Cloud (EPBCS/PBCS). Both require REST API access enabled.

What Essbase storage types are supported?

Both ASO (Aggregate Storage) and BSO (Block Storage) cubes are supported. MDX queries and single-cell queries work with both storage types.

What AI platforms does AgentCube support?

AgentCube uses the Model Context Protocol (MCP) standard, which is supported by Claude.ai, Microsoft Copilot Studio, and other MCP-compatible AI clients. The same connector works across all platforms.

Authentication

What authentication methods are supported?

AgentCube supports two modes:

  • Basic Auth — Uses a shared service account. All users share the same Oracle credentials. Simplest to set up.
  • SSO (OIDC) — Per-user authentication through Microsoft Entra ID or any OIDC-compliant provider. Each user's Oracle entitlements are enforced individually.

See the Installation Guide for setup instructions for each mode.

What happens when my SSO session expires?

You will need to disconnect and reconnect the MCP connector in your AI platform to re-authenticate. Token lifetime depends on your identity provider configuration.