PeopleSoft Integration Reference

Related Topics

PeopleSoft Components Certified for Integration with Oracle Access Governance

The PeopleSoft components that you can integrate with, depend on which configuration mode you are running your Orchestrated System in.

Certified Components in Authoritative Source Configuration Mode

Table - Certified Components in Authoritative Source Configuration Mode

Component Type Component
System The versions of PeopleSoft HRMS you can use as an authoritative (trusted) source of identity information for Oracle Access Governance are:
  • PeopleSoft HRMS 8.9 with PeopleTools 8.49
  • PeopleSoft HRMS 8.9 with PeopleTools 8.50
  • PeopleSoft HRMS 9.0 with PeopleTools 8.49
  • PeopleSoft HRMS 9.0 with PeopleTools 8.50
  • PeopleSoft HRMS 9.0 with PeopleTools 8.52
  • PeopleSoft HRMS 9.1 with PeopleTools 8.50
  • PeopleSoft HRMS 9.1 with PeopleTools 8.51
  • PeopleSoft HRMS 9.1 with PeopleTools 8.52
  • PeopleSoft HRMS 9.1 with PeopleTools 8.53
  • PeopleSoft HRMS 9.2 with PeopleTools 8.53
  • PeopleSoft HRMS 9.2 with PeopleTools 8.54
  • PeopleSoft HRMS 9.2 with PeopleTools 8.55
  • PeopleSoft HRMS 9.2 with PeopleTools 8.56
  • PeopleSoft HRMS 9.2 with PeopleTools 8.57
  • PeopleSoft HRMS 9.2 with PeopleTools 8.58
  • PeopleSoft HRMS 9.2 with PeopleTools 8.59

Certified Components in Managed System Configuration Mode

Table - Certified Components in Managed System Configuration Mode

Component Type Component
System The versions of PeopleSoft PeopleTools you can use to manage PeopleTools-based PSOPRDEFN user profile records in PeopleSoft applications are:
  • PeopleTools 8.53
  • PeopleTools 8.54
  • PeopleTools 8.55
  • PeopleTools 8.56
  • PeopleTools 8.57
  • PeopleTools 8.58
  • PeopleTools 8.59
  • PeopleTools 8.60.05
  • PeopleTools 8.61.03

Note:

If you are using PeopleTools 8.54, full reconciliation operation may not work as expected. Apply PeopleSoft Patch 21109998 using the following URL for this operation to work successfully:

https://support.oracle.com/

Certified Components in both Modes

Table - Certified Components in both Modes

Component Type Component
System The versions of PeopleSoft HCM you can use in either Authoritative Source or Managed System mode are:
  • PeopleSoft HCM 9.1
  • PeopleSoft HCM 9.1
Database Oracle

PeopleSoft Components Required For Integration with Oracle Access Governance

Integration of PeopleSoft with Oracle Access Governance requires a number of components to be present in your PeopleSoft environment.

Ensure the following components are installed in your PeopleSoft environment:
  • Tuxedo and Jolt (the application server)
  • PeopleSoft Internet Architecture (PIA)
  • PeopleSoft Application Designer (2-tier mode)

Configure Oracle Database Schema User Account

To access the PeopleSoft database schema you will need to create a service account on the Oracle database supporting PeopleSoft.

  1. Log in to the Oracle database as a database administrator using SQL*Plus or similar. Create a service account using the following statements:
    create user <DBService Schema user account name> identified by <password>;
grant create session to <DBService Schema user account name>;
grant create synonym to <DBService Schema user account name>;

    For example:

    create user psftagsvc identified by mypw;
grant create session to psftagsvc;
grant create synonym to psftagsvc;
  2. Grant permission to PeopleSoft schema components to the service account you created, where <PSFT> is the name of the PeopleSoft schema for your environment:
    grant select on <PSFT>.PSOPRDEFN to <DBService Schema user account name>;
grant select on <PSFT>.PSROLEDEFN_SRCH to <DBService Schema user account name>;
grant select on  <PSFT>.PSCLASSDEFN to <DBService Schema user account name>;
grant select on  <PSFT>.PS_CURRENCY_CD_TBL to <DBService Schema user account name>;
grant select on  <PSFT>.PS_PERSONAL_DATA to <DBService Schema user account name>;
grant select on  <PSFT>.PS_PERSONAL_PHONE to <DBService Schema user account name>;
grant select on  <PSFT>.PS_EMAIL_ADDRESSES to <DBService Schema user account name>;
grant select on  <PSFT>.PS_JOB to <DBService Schema user account name>;
  3. Logout of the database and reconnect as the service account you created. Create synonyms for the schema components you granted access for:
    create synonym PSOPRDEFN for <PSFT>.PSOPRDEFN;
create synonym PSROLEDEFN_SRCH for <PSFT>.PSROLEDEFN_SRCH;
create synonym PSCLASSDEFN for <PSFT>.PSCLASSDEFN;
create synonym CURRENCY_CD_TBL for <PSFT>.PS_CURRENCY_CD_TBL;
create synonym PS_PERSONAL_DATA for <PSFT>.PS_PERSONAL_DATA;
create synonym PS_PERSONAL_PHONE for <PSFT>.PS_PERSONAL_PHONE;
create synonym PS_EMAIL_ADDRESSES for <PSFT>.PS_EMAIL_ADDRESSES;
create synonym PS_JOB for <PSFT>.PS_JOB;

Configure PeopleSoft Service Account Using Peoplesoft PIA Web Interface

Integrating with PeopleSoft requires connecting to the PeopleSoft application using a service account.

You can create a service user to connect to the PeopleSoft application with, by executing the following steps.

  1. Invoke the Peoplesoft PIA Web interface in a browser and navigate to Permission Lists.

    People Tools → Security → Permission Lists

  2. Add a new value: AGCS_PERMLIST
  3. In the permission list add and assign access to the following Component Interfaces according to the values given in the table:

    Table - Component Interface Permissions

    Component Interface Method Method Access
    USER_PROFILE    
      Cancel Full Access
      Get Full Access
      Create Full Access
      Save Full Access
      ResetPassword Full Access
      ResetPassword_Alpha Full Access
      SetPassword Full Access
      SetDescription Full Access
    DELETE_USER_PROFILE    
      Cancel Full Access
      Find Full Access
      Get Full Access
      Save Full Access
    ROLE_MAINT    
      Cancel Full Access
      Find Full Access
      Get Full Access
      Create No Access
      Save No Access
    CURRENCY    
      Cancel Full Access
      Find Full Access
      Get Full Access
      Create No Access
      Save No Access
    CI_PERM_LIST    
      Cancel Full Access
      Find Full Access
      Get Full Access
      Create No Access
      Save No Access
  4. Navigate to Roles.

    People Tools → Security → Roles

  5. Add a new value: AGCS_ROLE
  6. Add AGCS_PERMLIST to the Permission List.
  7. Navigate to User Profile

    People Tools → Security → User Profiles → User Profile

  8. Add a new value: AGCSSA
    • Add Symbolic ID as SYSADM1.
    • Set and confirm the password.
    • Set ID Type as NONE.
    • From Roles, select AGCS_ROLE.
    • Save your changes.

Supported Configuration Modes for PeopleSoft Integrations

Oracle Access Governance integrations can be setup in different configuration modes depending on your requirement for on-boarding identity data, and provisioning accounts.

Supported Modes

PeopleSoft Orchestrated System supports the following modes:

  • Authoritative Source

    You can use PeopleSoft HRMS as an authoritative (trusted) source of identity information for Oracle Access Governance.

  • Managed System

    You can manage PeopleTools-based PSOPRDEFN user profile records in PeopleSoft applications including Role and Permission List assignments to these records.

Supported Operations When Provisioning To PeopleSoft

When you provision an account from Oracle Access Governance to PeopleSoft certain operations are supported.

The PeopleSoft Orchestrated System supports the following account operations when provisioning a user:
  • Create User
  • Update User
  • Change Password
  • Add Roles
  • Remove Roles

Default Supported Attributes

Oracle Access Governance supports the following default PeopleSoft attributes. These attributes are mapped depending on the direction of the connection, for example:
  • Data being ingested by Oracle Access Governance from PeopleSoft: User.PROP_FIRST_NAME will map to Identity.firstName
  • Data being provisioned into PeopleSoft from Oracle Access Governance: account.lastName will map to User.PROP_LAST_NAME

Table - Default Attributes - Authoritative Source

PeopleSoft Entity Attribute Name On PeopleSoft Managed System Oracle Access Governance Identity Attribute Name Oracle Access Governance Identity Attribute Display Name
User UserID uid Unique Id
  UserID name Employee user name
  IDTypes~EMP~Empl_ID employeeNumber Employee number
  IDTypes~CST~Set_ID customerSetId Customer set id
  IDTypes~CST~Customer_ID customerId Customer id
  IDTypes~VND~Set_ID vendorSetId Vendor set id
  IDTypes~VND~Vendor_ID vendorId Vendor id
  PROP_FIRST_NAME firstName First name
  PROP_LAST_NAME lastName Last name
  PROP_MIDDLE_NAME middleName Middle name
  PROP_NAME_TITLE title Title name
  PROP_EMAIL_ADDR email Email
  PROP_PHONE phone Phone
  PROP_DEPTID department Department
  PROP_JOBCODE jobCode Job code
  PROP_POSITION_NBR positionNBR Position
  PROP_SUPERVISOR_ID supervisorUid Supervisor
  PROP_HR_STATUS hrStatus HR status
  PROP_EMPL_STATUS emplStatus Employee Status
  PROP_ACTION action Action
  PROP_ACTION_REASON actionReason Action reason
  PROP_LOCATION location Location
  PROP_FULL_PART_TIME fullPartTime Full part time
  PROP_COMPANY company Company
  PROP_EMPL_TYPE emplType Employee type
  PROP_EMPL_CLASS emplClass Employee class
  PROP_BUSINESS_UNIT businessUnit Business unit
  PROP_TERMINATION_DT endDate End date
  EFFDT startDate Start date
  REPORTS_TO reportsTo Reports to
  PROP_OFFICER_CD officerCode Officer code
addresses   addresses as entitlement Addresses
  PROP_COUNTRY country  
  PROP_CITY city  
  PROP_STATE state  
  PROP_ADDRESS1 address1  
  PROP_ADDRESS2 address2  
  PROP_ADDRESS3 address3  
  PROP_POSTAL postal  

Table - Default Attributes - Managed System

PeopleSoft Entity Attribute Name On PeopleSoft Managed System Oracle Access Governance Account Attribute Name Oracle Access Governance Account Attribute Display Name
User UserID uid Unique Id
  UserID name User login
  __PASSWORD__ password Password
  EmailAddresses~EmailAddress~PrimaryEmail email Email
  IDTypes~EMP~Empl_ID employeeId Employee id
  IDTypes~CST~Set_ID customerSetId Customer set id
  IDTypes~CST~Customer_ID customerId Customer id
  IDTypes~VND~Set_ID vendorSetId Vendor set id
  IDTypes~VND~Vendor_ID vendorId Vendor id
  NavigatorHomePermissionList navigatorHomePermission Navigator home permission
  ProcessProfilePermissionList processProfilePermission Process profile permission
  RowSecurityPermissionList rowSecurityPermission Row security permission
  PrimaryPermissionList primaryPermission Primary permission
  UserDescription description Description
  MultiLanguageEnabled multiLanguageEnabled Multi language enabled
  SymbolicID symbolicId Symbolic id
  UserIDAlias userIdAlias User id alias
  LanguageCode languageCode Language
  CurrencyCode currencyCode Currency
  AlternateUserID alternateUserId Alternate user id
  EffectiveDateFrom startDate Start date
  EffectiveDateTo endDate End date
  WorklistUser worklistUser Work list user
  EmailUser emailUser Email user
  ReassignWork reassignWork Reassign work
  ReassignUserID reassignUserId Reassign work to
  SupervisingUserID supervisingUserId Supervising user id
  AccountLocked status Status

Default Matching Rules

In order to map accounts to identities in Oracle Access Governance you need to have a matching rule for each Orchestrated System.

The default matching rule for PeopleSoft orchestrated system is:

Table - Default Matching Rules

Mode Default Matching Rule
Authoritative Source

Identity matching checks if incoming identities match an existing identity or are new

Screen value:

Employee user name = Employee user name

Attribute name:

Identity.userName = Identity.userName
Managed System

Account matching checks if incoming accounts match with existing identities.

Screen value:

User login = Employee user name

Attribute name:

Account.name = Identity.userName