One Identity Manager supports synchronization with Oracle E-Business Suite 12.1 and 12.2. The One Identity Manager Service is responsible for synchronizing data between the One Identity Manager database and Oracle E-Business Suite.
This sections explains how to:
- Set up synchronization to import initial data from Oracle E-Business Suite to the One Identity Manager database.
- Adjust a synchronization configuration, for example, to synchronize different E-Business Suite systems with the same synchronization project.
- Start and deactivate the synchronization.
- Analyze synchronization results.
TIP: Before you set up synchronization with Oracle E-Business Suite, familiarize yourself with the Synchronization Editor. For detailed information about this tool, see the One Identity Manager Target System Synchronization Reference Guide.
Detailed information about this topic
Related topics
The Synchronization Editor provides several project templates with which Oracle E-Business Suite user accounts and entitlements can be selected from either organizational data or data from the Human Resource Module for setting up synchronization. You use these project templates to create synchronization projects with which you import the data from an Oracle E-Business Suite into your One Identity Manager database. In addition, the required processes are created that are used for the provisioning of changes to target system objects from the One Identity Manager database into the target system.
To create a synchronization configuration for the initial synchronization of an Oracle E-Business Suite:
- Prepare a user account with sufficient permissions for synchronizing in Oracle E-Business Suite.
-
One Identity Manager components for managing Oracle E-Business Suite environments are available if the TargetSystem | EBS configuration parameter is set.
- Install and configure a synchronization server and declare the server as a Job server in One Identity Manager.
- Create a synchronization project with the Synchronization Editor.
Detailed information about this topic
The following users are involved in synchronizing One Identity Manager with Oracle E-Business Suite.
Table 2: Users for synchronization
User for accessing the target system (synchronization user) |
You must provide a user account with the minimum permissions required for full synchronization of Oracle E-Business Suite objects with the supplied One Identity Manager default configuration. For more information, see How to prepare the synchronization user and Permissions required for synchronizing with Oracle E-Business Suite. |
One Identity Manager Service user account |
The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files).
The user account must belong to the Domain users group.
The user account must have the Login as a service extended user permissions.
The user account requires permissions for the internal web service.
NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call:
netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"
The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.
In the default installation, One Identity Manager is installed under:
|
User for accessing the One Identity Manager database |
The Synchronization default system user is provided to run synchronization using an application server. |
You have three ways of providing a synchronization user with all the permissions required for accessing the Oracle E-Business Suite.
Scenario 1: |
Use the APPS user as the synchronization user. |
Scenario 2: |
Load the wrapper package supplied into the APPS schema and add the synchronization user using the script provided. |
Scenario 3: |
Add a synchronization user who has a minimum of all the permissions listed. |
In Oracle E-Business Suite version 12.2, the calling permissions of standard packages have been changed (from CURRENT_USER AUTHID to DEFINER AUTHID). To be able to run operations for user accounts in the target system, you now require the user APPS. Use Scenario 1 or 2, in this case, to provide the synchronization user. If you are working with Oracle E-Business Suite 12.1, you can also use scenario 3.
Scenario 1:
To ensure that the Oracle E-Business Suite can run connector operations for user accounts in the target system, use the APPS user as the synchronization user.
Scenario 2:
If you cannot use the APPS user as the synchronization user directly, create a synchronization user with the required minimum permissions. Use the script supplied and the wrapper package to do this. You will find these files on the One Identity Manager installation medium in the Modules\EBS\dvd\AddOn\SDK directory.
To add the synchronization user
-
Add the FND_USER_Wrapper.sql wrapper package to the APPS schema of your Oracle Database.
-
Add the synchronization user with minimum permissions. Use the script CreateSyncUser.sql for this.
Take note of the comment in the script to replace the &&username and &&password variables.
This script creates a user with the required permissions. The wrapper ensures that the user also obtains the implicit permissions for the package apps.fnd_user_pkg.
Scenario 3:
If you cannot use either scenario 1 or scenario 2, create a synchronization user with all required permissions.
IMPORTANT: The synchronization user requires:
Detailed information about this topic