Chat now with support
Chat mit Support

Identity Manager 8.2.1 - Administration Guide for Connecting to Oracle E-Business Suite

Mapping an Oracle E-Business Suite in One Identity Manager Synchronizing Oracle E-Business Suite
Setting up initial synchronization of Oracle E-Business Suite Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing E-Business Suite user accounts and employees Login information Managing entitlement assignments Mapping of E-Business Suite objects in One Identity Manager Handling of E-Business Suite objects in the Web Portal Basic configuration data Configuration parameters for managing Oracle E-Business Suite Permissions required for synchronizing with Oracle E-Business Suite Default project templates for synchronizing an Oracle E-Business Suite Editing system objects Example of a schema extension file

Managing E-Business Suite user accounts and employees

The main feature of One Identity Manager is to map employees together with the main data and permissions available to them in different target systems. To achieve this, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This provides an overview of the permissions for each employee in all of the connected target systems. One Identity Manager offers the option of managing user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.

Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following methods for linking employees and their user accounts:

  • Employees can automatically obtain their account definitions using user account resources. If an employee does not yet have a user account in an E-Business Suite system, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism and subsequent process handling.

    When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.

  • When user accounts are inserted, they can be automatically assigned to an existing employee This mechanism can be implemented if a new user account is created manually or by synchronization. However, this is not the One Identity Manager default method. You must define criteria for finding employees for automatic employee assignment.
  • Employees and user accounts can be entered manually and assigned to each other.

If you want to map employee data from the HR module of the Oracle E-Business Suite in One Identity Manager, the imported employees:

  • Can be assigned to E-Business Suite user accounts as HR persons.
  • Can be linked to user accounts through automatic employee assignment, account definitions, or manually.

For more information about employee handling and administration, see the One Identity Manager Target System Base Module Administration Guide.

Related topics

Setting up account definitions

One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

The data for the user accounts in the respective target system comes from the basic employee data. The employees must have a central E-Business Suite user account. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role. Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.

For detailed information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.

The following steps are required to implement an account definition:

Creating account definitions

To create or edit an account definition

  1. In the Manager, select the Oracle E-Business Suite > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list. Select the Change main data task.

    -OR-

    Click in the result list.

  3. Enter the account definition's main data.
  4. Save the changes.

Main data for account definitions

Enter the following data for an account definition:

Table 15: Main data for an account definition

Property

Description

Account definition

Account definition name.

User account table

Table in the One Identity Manager schema that maps user accounts.

Target system

Target system to which the account definition applies.

Required account definition

Specifies the required account definition. Define the dependencies between account definitions. When this account definition is requested or assigned, the required account definition is assigned automatically.

Leave empty for E-Business Suite systems.

Description

Text field for additional explanation.

Manage level (initial)

Manage level to use by default when you add new user accounts.

Risk index

Value for evaluating the risk of assigning the account definition to employees. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is set.

For detailed information, see the One Identity Manager Risk Assessment Administration Guide.

Service item

Service item through which you can request the account definition resource in the IT Shop. Assign an existing service item or add a new one.

IT Shop

Specifies whether the account definition can be requested through the IT Shop. The account definition can be requested by an employee through the Web Portal and distributed using a defined approval process. The resource can also be assigned directly to employees and roles outside the IT Shop.

Only for use in IT Shop

Specifies whether the account definition can only be requested through the IT Shop. The account definition can be requested by an employee through the Web Portal and distributed using a defined approval process. The account definition cannot be directly assigned to roles outside the IT Shop.

Automatic assignment to employees

Specifies whether the account definition is automatically assigned to all internal employees. To automatically assign the account definition to all internal employee, use the Enable automatic assignment to employees The account definition is assigned to every employee that is not marked as external. Once a new internal employee is created, they automatically obtain this account definition.

To automatically remove the account definition assignment from all employees, use the Disable automatic assignment to employees. The account definition cannot be reassigned to employees from this point on. Existing account definition assignments remain intact.

Retain account definition if permanently disabled

Specifies the account definition assignment to permanently deactivated employees.

Option set: The account definition assignment remains in effect. The user account remains intact.

Option not set (default): The account definition assignment is not in effect. The associated user account is disabled.

Retain account definition if temporarily disabled

Specifies the account definition assignment to temporarily deactivated employees.

Option set: The account definition assignment remains in effect. The user account remains intact.

Option not set (default): The account definition assignment is not in effect. The associated user account is disabled.

Retain account definition on deferred deletion

Specifies the account definition assignment on deferred deletion of employees.

Option set: The account definition assignment remains in effect. The user account remains intact.

Option not set (default): The account definition assignment is not in effect. The associated user account is disabled.

Retain account definition on security risk

Specifies the account definition assignment to employees posing a security risk.

Option set: The account definition assignment remains in effect. The user account remains intact.

Option not set (default): The account definition assignment is not in effect. The associated user account is disabled.

Resource type

Resource type for grouping account definitions.

Spare field 01 - spare field 10

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Entitlements can be inherited

Specifies whether the user account can inherit E-Business Suite permissions through the employee. If this option is set, the user account inherits permissions through hierarchical roles or IT Shop requests.

  1. Example: An employee with an E-Business Suite user account is a member of a department. This department is assigned an E-Business Suite entitlement. If this option is set, the user account inherits this entitlement.

  2. Example: An employee with an E-Business Suite user account requests an E-Business Suite entitlement in the IT Shop. The request is approved and assigned. The user account only inherits this entitlement if this option is active.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen