Preparing Oracle Sales Cloud
Before registering your Oracle Sales Cloud application instance with Oracle CASB Cloud Service, you need to create a dedicated administrative user within Oracle Sales Cloud and ensure that Oracle Sales Cloud auditing is enabled.
Creating a Dedicated Oracle CASB Cloud Service User in Oracle Sales Cloud
Create a dedicated user account for Oracle CASB Cloud Service in the Oracle Sales Cloud account that you want to monitor.
The user cannot use multifactor or federated authentication (for example, through a single sign-on service). You will use the login credentials for this user to allow Oracle CASB Cloud Service to connect to Oracle ERP Cloud and retrieve system events.
Note:
If you have already created a dedicated Oracle CASB Cloud Service administrative user account for another application within Oracle Applications Cloud, it is not necessary to create another user now.-
You can use that existing user for all Oracle Applications Cloud services to communicate with Oracle CASB Cloud Service.
-
Or you can create a new user for individual Oracle Applications Cloud services, if you prefer.
Enabling Role Auditing for Oracle Sales Cloud
Set the security level for Oracle Platform Security Services (OPSS) auditing to capture all of the security events for the role changes that you want Oracle CASB Cloud Service to audit.
The default OPSS audit level for Oracle Fusion Applications is “none” — you must change this setting to Low - Critical Events Only, in order to fully enable role auditing.
Note:
You only need to set the OPSS audit level once, to support role auditing for all the application instances from the same Fusion Applications POD that are registered in the same Oracle CASB Cloud Service tenant.
- Log in to the Oracle Fusion Applications console.
- In the Oracle Fusion Applications console home page:
- Open the Navigator.
- Scroll down.
- Click Setup and Maintenance in the lower-right corner.
- On the Setup: Compensation Management page:
- In the Search Tasks box, enter manage audit policies.
- Click the Search icon .
- In the search results, select Manage Audit Policies.
- On the Manage Audit Policies page:
- At the right end of the Oracle Platform Security Services row, set Audit Level to Low - Critical Events Only.
- Click Save and Close.
Enabling Association of Oracle CASB Cloud Service with Oracle Access Manager (OAM) for Sales Cloud
If you want to enable OAM association Oracle CASB Cloud Service, submit an Oracle Service Request.
This task is necessary to ensure that auditing is enabled for login and logout for Fusion Application instances that Oracle Sales Cloud monitors.
Note:
You only need to enable OAM association once for the same Fusion Applications pod in the same Oracle CASB Cloud Service tenant. The OAM association option is then available to all instances of Oracle Fusion Applications (such as Oracle ERP Cloud, Oracle HCM Cloud, or Oracle Sales Cloud) in that Fusion Applications pod on that Oracle CASB Cloud Service tenant.
Enabling OAM association is a two-step process:
-
First, you must submit an Oracle Service Request.
-
After that request is fulfilled, you must enable OAM once for a Fusion Application in Oracle CASB Cloud Service.
You can do this when you register your Oracle Sales Cloud instance (see Adding an Oracle ERP Cloud Instance), or after registration (see Updating the Credentials for an Oracle ERP Cloud Instance).
Submitting an Oracle Support Service Request to enable OAM
Note:
In order to associate with OAM, you must be using Oracle Access Manager version R13 18.02 and you must request that your Oracle CASB Cloud Service tenant be enabled. To enable association with Oracle Access Manager, contact Oracle Support (http://support.oracle.com). If you have not registered yet, you will need your Customer Support Identifier (CSI) in order to register to submit service request tickets. As an alternative, you can also contact your Oracle CASB Customer Success Manager.
Whitelisting Oracle CASB Cloud Service if Oracle Sales Cloud Fusion POD is Whitelisted
If Oracle Sales Cloud Fusion POD is whitelisted, you must whitelist some IP addresses for Oracle CASB Cloud Service.
- Browse to the Oracle Knowledge Base article, How To Integrate Oracle Fusion Cloud With Oracle CASB.
- Scroll down to the section titled, Deployment Considerations If Fusion POD is whitelisted.
- Whitelist the IP address listed there for the URL where your Oracle CASB Cloud Service tenant is hosted.