Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Oracle E-Business Suite

Mapping an Oracle E-Business Suite in One Identity Manager Synchronizing Oracle E-Business Suite
Setting up the initial synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Managing E-Business Suite user accounts and employees Provision of login information Managing entitlement assignments Mapping of E-Business Suite objects in One Identity Manager Handling of E-Business Suite objects in the Web Portal Basic configuration data Access rights required for synchronizing with Oracle E-Business Suite Default project templates for synchronizing an Oracle E-Business Suite Editing system objects Configuration parameters for managing Oracle E-Business Suite Example of a schema extension file About us

Administrative user accounts

An administrative user account must be used for certain administrative tasks. Administrative user accounts are usually predefined by the target system and have fixed names and login names, such as Administrator.

Administrative user accounts are imported into One Identity Manager during synchronization.

NOTE: Some administrative user accounts can be automatically identified as privileged user accounts. To do this, in the Designer, enable the Mark selected user accounts as privileged schedule.

You can label administrative user accounts as a Personalized administrator identity or as a Shared identity. Proceed as follows to provide the employees who use this user account with the required permissions.

  • Personalized admin identity

    1. Use the UID_Person column to link the user account with an employee.

      Use an employee with the same identity or create a new employee.

    2. Assign this employee to hierarchical roles.

  • Shared identity

    1. Assign all employees with usage authorization to the user account.

    2. Link the user account to a dummy employee using the UID_Person column.

      Use an employee with the same identity or create a new employee.

    3. Assign this dummy employee to hierarchical roles.

    The dummy employee provides the user account with its permissions.

Related topics

Privileged user accounts

Privileged user accounts are used to provide employees with additional privileges. This includes administrative user accounts or service accounts, for example. The user accounts are labeled with the Privileged user account property (IsPrivilegedAccount column).

NOTE: The criteria according to which user accounts are automatically identified as privileged are defined as extensions to the view definition (ViewAddOn) in the TSBVAccountIsPrivDetectRule table (which is a table of the Union type). The evaluation is done in the TSB_SetIsPrivilegedAccount script.

To create privileged users through account definitions

  1. Create an account definition. Create a new manage level for privileged user accounts and assign this manage level to the account definition.
  2. If you want to prevent the properties for privileged user accounts from being overwritten, set the IT operating data overwrites property for the manage level to Only initially. In this case, the properties are populated just once when the user accounts are created.
  3. Specify the effect of temporarily or permanently disabling or deleting, or the security risk of an employee on its user accounts and group memberships for each manage level.
  4. Create a formatting rule for the IT operating data.

    You use the mapping rule to define which rules are used to map the IT operating data for the user accounts, and which default values are used if no IT operating data can be determined through a person's primary roles.

    Which IT operating data is required depends on the target system. The following settings are recommended for privileged user accounts:

    • In the mapping rule for the IsPrivilegedAccount column, use the default value 1 and set the Always use default value option.
    • You can also specify a mapping rule for the IdentityType column. The column owns different permitted values that represent user accounts.
    • To prevent privileged user accounts from inheriting the entitlements of the default user, define a mapping rule for the IsGroupAccount column with a default value of 0 and set the Always use default value option.
  5. Enter the effective IT operating data for the target system.

    Specify in the departments, cost centers, locations, or business roles which IT operating data should apply when you set up a user account.

  6. Assign the account definition directly to employees who work with privileged user accounts.

    When the account definition is assigned to an employee, a new user account is created through the inheritance mechanism and subsequent processing.

TIP: If customization requires that the login names of privileged user accounts follow a defined naming convention, create the template according to which the login names are formed.

  • To use a prefix for the login name, in the Designer, set the TargetSystem | EBS | Accounts | PrivilegedAccount | AccountName_Prefix configuration parameter.
  • To use a postfix for the login name, in the Designer, set theTargetSystem | EBS | Accounts | PrivilegedAccount | AccountName_Postfix configuration parameter.

These configuration parameters are evaluated in the default installation, if a user account is marked with the Privileged user account property (IsPrivilegedAccount column). The user account login names are renamed according to the formatting rules. This also occurs if the user accounts are labeled as privileged using the Mark selected user accounts as privileged schedule.

Related topics

Assigning employees with specific permissions to a user account with shared identity

Assign employees who use the user account in the target system to an administrative user account with a shared identity. Only employees with Primary identity can be assigned.

To assign employees with user permissions

  1. Select the Oracle E-Business Suite | User accounts category.

  2. In the result list, select the user account with a shared identity.

  3. Select the Assign employees authorized to use task.

  4. In the Add assignments pane, assign employees.

    - OR -

    In the Remove assignments pane, remove employees.

  5. Save the changes.

Provision of login information

When new user accounts are created in One Identity Manager, the passwords needed to log in to the target system are created immediately also. Various options are available for assigning the initial password. Predefined password policies are applied to the passwords, and you can adjust these policies to suit your individual requirements if necessary. You can set up email notifications to distribute the login information generated to users.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating