Managing users means the administrator will have to enrol the real user to the systems the user is authorized to access. From the user's perspective we have a single physical user who is required to log in to the different systems this user has been granted to, and who is not willing to be authenticated against each system. If the user was authenticated against each single system, sooner or later the system administrator would have a hard time trying to manage the community with a non scalable solution as either the number of users, or systems or both number of users and systems, increases.
The user is authenticated once against a centralized SSO server, and the tool to manage the user's enrolment and provisioning is the Enterprise Security Manager. This scenario assumes the existence of an Oracle Identity Management infrastructure which is available through the application server infrastructure installation.