Oracle Fusion Cloud Applications Integration Reference
Oracle Fusion Cloud Applications Components Certified for Integration with Oracle Access Governance
The Oracle Fusion Cloud Applications components certified for integration with an Oracle Access Governance orchestrated system are as follows.
Certified Components
Table - Certified Components
Component Type | Component |
---|---|
System | The versions of Oracle Fusion Cloud Applications you can use for Oracle Access Governance are: |
Grant Default Roles and Permissions
Before configuring your orchestrated system, you should set up either an HCM or ERP service account and grant the permissions required to integrate with Oracle Access Governance.
Grant Default Roles/Permissions
Table - Role Code for HCM Service Account
Role Name | Role Code |
---|---|
IT Security Manager | ORA_FND_IT_SECURITY_MANAGER_JOB |
Integration Specialist | ORA_FND_INTEGRATION_SPECIALIST_JOB |
Application Implementation Consultant | ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB |
Application Diagnostic Administrator | ORA_FND_DIAG_ADMINISTRATOR_JOB |
Table - Role Code for ERP Service Account
Role Name | Role Code |
---|---|
IT Security Manager | ORA_FND_IT_SECURITY_MANAGER_JOB |
Integration Specialist | ORA_FND_INTEGRATION_SPECIALIST_JOB |
Application Implementation Consultant | ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB |
Access Request Security Administrator | ORA_GTG_ACCESS_REQUEST_SECURITY_ADMINISTRATOR_JOB |
Grant Permissions as a Custom User
Create a custom role instead of using the default roles to ensure least privilege by granting only the necessary fine-grained permissions.
Table - Privileges
EndPoint/Functionality | Privileges In Function Security Policies | Application |
---|---|---|
/userAccounts | Privilege Name: Use REST Service - User Accounts; Privilege Code: PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV | HCM |
/workers | Privilege Name: Use REST Service - Workers; Privilege Code: PER_REST_SERVICE_ACCESS_WORKERS_PRIV | HCM |
/dataSecurities | Privilege Name: Manage Data Access for Users; Privilege Code: FUN_MANAGE_DATA_ACCESS_FOR_USERS_PRIV | ERP |
/finBusinessUnitsLOV | Privilege Name: Get Enterprise Structures Using REST Service; Privilege Code: FUN_GET_ENTERPRISE_STRUCTURES_REST_SERVICE_PRIV | ERP |
/fixedAssetBooksLOV | Privilege Name: View Fixed Asset Books; Privilege Code: FA_VIEW_FIXED_ASSET_BOOKS_PRIV | ERP |
/scim/Users /scim/Roles | Privilege Name: Use REST Service - Identity Integration; Privilege Code: ASE_REST_SERVICE_ACCESS_IDENTITY_INTEGRATION_PRIV | HCM + ERP |
/setIdSetsLOV/ | Privilege Name: Manage Application Reference Data Set; Privilege Code: FND_APP_MANAGE_REFERENCE_DATA_SET_PRIV | ERP |
/commonLookupsLOV | Privilege Name: Manage Application Common Lookup; Privilege Code: FND_APP_MANAGE_COMMON_LOOKUP_PRIV | HCM + ERP |
/advancedAccessRequests/action/getSecurityContextLOV /advancedAccessRequests/action/getSecurityValue | Privilege Name: Access Requests; Privilege Code: GTG_ACCESS_REQUESTS_PRIV | ERP |
/advancedControlsRolesProvisioning | Privilege Name: Use REST Service for Advanced Access Control Role Analysis; Privilege Code: GTG_REST_SERVICE_ACCESS_ADVANCED_ACCESS_CONTROL_ROLE_ANALYSIS_PRIV | SOD |
Table - Aggregated Privileges
EndPoint/Functionality | Aggregated Privileges As Role Into The Role Hierarchy | Application |
---|---|---|
/areasOfResponsibility | Privilege Name: Use REST Service - Areas of Responsibility Read Only; Privilege Code: ORA_PER_REST_SERVICE_ACCESS_AREAS_OF_RESPONSIBILITY_RO | HCM + AOR |
/hcmCountriesLov | Privilege Name: Use REST Service - HCM Countries List of Values; Privilege Code: ORA_PER_REST_SERVICE_ACCESS_HCM_COUNTRIES_LOV | HCM |
/hcmBusinessUnitsLOV /legalEmployersLov | Privilege Name: Use REST Service - Workforce Structure List of Values; Privilege Code: ORA_PER_REST_SERVICE_ACCESS_WORKFORCE_STRUCTURE_LOVS | HCM |
/actionsLOV | Privilege Name: Use REST Service - Person Reference Data Lists of Values; Privilege Code: ORA_PER_REST_SERVICE_ACCESS_PERSON_REFERENCE_DATA_LOVS | HCM |
/dataAccessSetLedgersLOV | Privilege Name: Review Revenue Management Accounting Period Status; Privilege Code: ORA_GL_REVENUE_MANAGEMENT_PERIOD_STATUS_REVIEW_DUTY | ERP |
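One way to audit a custom role against the Privileges and Aggregated Privileges tables above, as an added example that is not Oracle's code. The function names, the scoping rule (a row applies when its Application cell names a selected scope) and the sample grant list are assumptions.

```python
# Rows copied from the page's "Privileges" and "Aggregated Privileges" tables:
# (endpoint cell, privilege code, application cell).
ROWS = [
    ("/userAccounts", "PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV", "HCM"),
    ("/workers", "PER_REST_SERVICE_ACCESS_WORKERS_PRIV", "HCM"),
    ("/dataSecurities", "FUN_MANAGE_DATA_ACCESS_FOR_USERS_PRIV", "ERP"),
    ("/finBusinessUnitsLOV", "FUN_GET_ENTERPRISE_STRUCTURES_REST_SERVICE_PRIV", "ERP"),
    ("/fixedAssetBooksLOV", "FA_VIEW_FIXED_ASSET_BOOKS_PRIV", "ERP"),
    ("/scim/Users /scim/Roles", "ASE_REST_SERVICE_ACCESS_IDENTITY_INTEGRATION_PRIV", "HCM + ERP"),
    ("/setIdSetsLOV/", "FND_APP_MANAGE_REFERENCE_DATA_SET_PRIV", "ERP"),
    ("/commonLookupsLOV", "FND_APP_MANAGE_COMMON_LOOKUP_PRIV", "HCM + ERP"),
    ("/advancedAccessRequests/action/getSecurityContextLOV "
     "/advancedAccessRequests/action/getSecurityValue", "GTG_ACCESS_REQUESTS_PRIV", "ERP"),
    ("/advancedControlsRolesProvisioning",
     "GTG_REST_SERVICE_ACCESS_ADVANCED_ACCESS_CONTROL_ROLE_ANALYSIS_PRIV", "SOD"),
    ("/areasOfResponsibility", "ORA_PER_REST_SERVICE_ACCESS_AREAS_OF_RESPONSIBILITY_RO", "HCM + AOR"),
    ("/hcmCountriesLov", "ORA_PER_REST_SERVICE_ACCESS_HCM_COUNTRIES_LOV", "HCM"),
    ("/hcmBusinessUnitsLOV /legalEmployersLov", "ORA_PER_REST_SERVICE_ACCESS_WORKFORCE_STRUCTURE_LOVS", "HCM"),
    ("/actionsLOV", "ORA_PER_REST_SERVICE_ACCESS_PERSON_REFERENCE_DATA_LOVS", "HCM"),
    ("/dataAccessSetLedgersLOV", "ORA_GL_REVENUE_MANAGEMENT_PERIOD_STATUS_REVIEW_DUTY", "ERP"),
]

def required_for(scopes):
    """Map privilege code -> endpoints it covers, for the selected scopes."""
    needed = {}
    for endpoints, code, apps in ROWS:
        # Assumption: "HCM + ERP" style cells apply when any named scope is selected.
        if set(apps.split(" + ")) & set(scopes):
            needed.setdefault(code, []).extend(endpoints.split())
    return needed

def audit_role(granted, scopes):
    """Return (missing, excess) for the codes granted to a custom role."""
    needed = required_for(scopes)
    have = {g.strip().upper() for g in granted if g.strip()}
    # Missing codes mean the listed endpoints will be refused for the service account.
    missing = {code: eps for code, eps in needed.items() if code not in have}
    # Excess codes are grants the tables do not call for in these scopes.
    excess = sorted(have - set(needed))
    return missing, excess

# Constructed sample: an HCM-only custom role that lacks the /workers privilege
# and still carries one of the broad default job roles.
SAMPLE_GRANTED = [c for c in required_for({"HCM"})
                  if c != "PER_REST_SERVICE_ACCESS_WORKERS_PRIV"]
SAMPLE_GRANTED.append("ORA_FND_IT_SECURITY_MANAGER_JOB")

if __name__ == "__main__":
    missing, excess = audit_role(SAMPLE_GRANTED, {"HCM"})
    print("missing:", missing, "excess:", excess)
```

Feed `audit_role` the privilege codes exported from the custom role; a non-empty `excess` list is the least-privilege finding, and a non-empty `missing` map names the endpoints the integration cannot reach.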
Supported Configuration Modes for Oracle Fusion Cloud Applications
You can use Oracle Access Governance integrations to set up different configuration modes depending on your requirement for on-boarding identity data, and provisioning accounts.
Supported Modes
The Oracle Fusion Cloud Applications Orchestrated System supports the following modes:
- Authoritative Source: You can use Oracle Fusion Cloud Applications as an authoritative (trusted) source of identity information for Oracle Access Governance.
- Managed System: You can manage Oracle Fusion Cloud Applications user profile records in Oracle Fusion Cloud Applications including Role and Permission List assignments to these records.
Supported Operations When Provisioning To Oracle Fusion Cloud Applications
To provision an account from Oracle Access Governance to Oracle Fusion Cloud Applications there are certain operations that are supported.
- Create User Account
- Update User Account
- Enable User Account
- Disable User Account
- User Account Linking (personId) [Use Outbound transformation to link person to the user account]
- Change Password
- Add Role Assignment
- Update Role Assignment
- Remove Roles
For more details see Oracle Access Governance Integration Functional Overview and Integrate with Fusion Cloud Applications.
Default Supported Attributes
Oracle Access Governance supports the following default Oracle Fusion Cloud Applications attributes.
Oracle Fusion Cloud Applications Supported Attributes
- Data with minimum attribute set being ingested by Oracle Access Governance from Oracle Fusion Cloud Applications HCM with support from JML.
- Data with minimum attribute set of person record being ingested by Oracle Access Governance from Oracle Fusion Cloud Applications HCM and ERP modules.
- Data with AOR attribute support. Oracle Access Governance does not manage provisioning or de-provisioning of AORs.
Default Matching Rules
- Identity Matching Rules: Employee user name Equals Employee user name.
- Account Matching Rules: User login Equals Employee user name.
Table - Default Attributes - Authoritative Source for HCM with JML Support
Attribute Name on Oracle Fusion Cloud Applications | Attribute Name on Oracle Access Governance | Display Name on Oracle Access Governance | Applicable to HCM/ ERP/ BOTH |
---|---|---|---|
userName | name | Name | Both |
displayName | displayName | Display Name | Both |
name.familyName | lastName | Last name | Both |
name.givenName | firstName | First name | Both |
emails.value | | | Both |
emails.type | emailType | Email Type | Both |
active | status | Status | Both |
workerInformation.personNumber | personNumber | Person Number | Both |
workerInformation.manager | managerUid | Manager Uid | Both |
workerInformation.job | jobCode | Job Code | Both |
workerInformation.department | department | Department | Both |
workRelationships~assignments~BusinessUnitId | businessUnit | Business Unit | HCM |
preferredLanguage | preferredLanguage | Preferred Language | HCM |
legislativeInfo~Gender | gender | Gender | HCM |
id\|PersonId | personId | Person Identification | HCM |
names~EffectiveStartDate | startDate | Start Date | HCM |
workRelationships~WorkerType | workerType | Worker Type | HCM |
workRelationships~LegalEmployerName | legalEmployerNameWithLegislationCode | Legal EmployerName with Legislation Code | HCM |
workRelationships~TerminationDate | terminationDate | Termination Date | HCM |
workRelationships~PeriodOfServiceId | periodOfServiceId | PeriodOfService Id | HCM |
workRelationships~LegalEntityId | legalEntityId | Legal Entity Id | HCM |
workRelationships~assignments~EffectiveStartDate | assignmentEffectiveStartDate | Assignment Effective Start Date | HCM |
workRelationships~assignments~PositionCode | positionCode | Position Code | HCM |
workRelationships~assignments~GradeCode | gradeCode | Grade Code | HCM |
workRelationships~assignments~LocationCode | locationCode | Location code | HCM |
workRelationships~assignments~EffectiveEndDate | assignmentEffectiveEndDate | Assignment Effective End Date | HCM |
workRelationships~assignments~ActionCode | actionCode | Action Code | HCM |
workRelationships~assignments~ActionTypeCode | actionTypeCode | Action Type Code | HCM |
workRelationships~assignments~ProjectedStartDate | projectedStartDate | ProjectedStartDate | HCM |
workRelationships~assignments~ProposedUserPersonType | proposedUserPersonType | Proposed User Person Type | HCM |
workRelationships~assignments~managers~ManagerAssignmentNumber | managerAssignmentNumber | Manager Assignment Number | HCM |
future~workRelationships~StartDate | futureStartDate | | |
future~workRelationships~assignments~EffectiveStartDate | futureEffectiveStartDate | | |
future~workRelationships~assignments~EffectiveEndDate | futureEffectiveEndDate | | |
future~workRelationships~assignments~ActionCode | futureActionCode | | |
future~workRelationships~assignments~ActionTypeCode | futureActionTypeCode | | |
addresses~Country | country | Location | HCM |
addresses~AddressType | addressType | Address Type | HCM |
addresses~PostalCode | postalCode | Location postal code | HCM |
addresses~TownOrCity | townOrCity | Town or city | HCM |
addresses~Region1 | region1 | Region1 | HCM |
addresses~Region2 | region2 | Region2 | HCM |
addresses~FloorNumber | floorNumber | Floor number | HCM |
addresses~Building | building | Building | HCM |
addresses~AddressLine1 | addressLine1 | AddressLine1 | HCM |
phones~PhoneNumber | phoneNumber | Phone Number | HCM |
phones~Extension | extension | Phone Extension | HCM |
phones~PhoneType | phoneType | Phone Type | HCM |
Work Relationships | workRelationships | Work Relationships | HCM |
 | | | HCM |
 | | | HCM |
 | | | HCM |
Table - Default Attributes - Managed System
Oracle Fusion Cloud Applications User Entity | Oracle Fusion Cloud Applications Attribute Name | Display Name on Oracle Access Governance | Oracle Access Governance Attribute Display Name | Applicable to HCM/ ERP/ BOTH |
---|---|---|---|---|
FA User | id (SCIM) | uid | Unique Id | Both |
 | userName | name | Name | Both |
 | password | password | Password | Non-Reconcilable |
 | externalId | externalID | External ID | Both |
 | displayName | displayName | Display Name | Both |
 | name.familyName | familyName | Family Name | Both |
 | name.givenName | givenName | Given Name | Both |
 | emails.value | | | Both |
 | emails.type | emailType | Email Type | Both |
 | active | status | Status | Both |
 | workerInformation.personNumber | personNumber | Person Number | Both |
 | workerInformation.manager | managerUid | Manager Uid | Both |
 | workerInformation.job | jobCode | Job Code | Both |
Roles | securityContextsWithValues | Roles | Roles | Both ERP |
Area of Responsibility (AoR) | ResponsibilityId | __UID__ | __UID__ | Both HCM |
 | ResponsibilityName | responsibilityName | responsibilityName | |
 | ResponsibilityType | responsibilityType | responsibilityType | |
 | AssignmentNumber | assignmentNumber | assignmentNumber | |
 | AssignmentName | assignmentName | assignmentName | |
 | ActiveStatus | activeStatus | activeStatus | |
 | StartDate | startDate | startDate | |