Oracle E-Business Suite
Before You Begin
Introduction
This document describes how to synchronize users, roles, and responsibilities between Oracle E-Business Suite and Oracle Identity Cloud Service.
About Oracle E-Business Suite
Oracle E-Business Suite is a complete set of business applications for managing and automating processes across your enterprise. These processes include customer relationship management (CRM), enterprise resource planning (ERP), and supply chain management (SCM) processes.
After integrating Oracle E-Business Suite and Oracle Identity Cloud Service, administrators can use the Identity Cloud Service console to:
- Synchronize users from Oracle E-Business Suite to Oracle Identity Cloud Service.
- Assign and revoke user access to Oracle E-Business Suite.
- Manage Oracle E-Business Suite users, roles, and responsibilities.
What Do You Need?
- An Oracle Identity Cloud Service account with authorization rights to manage apps and users (by being assigned to the identity domain administrator, security administrator, or application administrator role).
- An Oracle E-Business Suite account with authorization rights to manage users, roles, and responsibilities.
Prerequisite Steps
Before you can synchronize users, roles, and responsibilities between Oracle E-Business Suite and Oracle Identity Cloud Service, you must:
- For target systems running Oracle Database release 19.x, download and apply the Oracle Database patch 31142749 from My Oracle Support. Applying this patch ensures that update provisioning operations work.
- Install and configure a Provisioning Bridge in Oracle Identity Cloud Service. This bridge provides a link between Oracle E-Business Suite and Oracle Identity Cloud Service. Oracle Identity Cloud Service can synchronize with Oracle E-Business Suite so that any new, updated, or deleted users are transferred into Oracle Identity Cloud Service. See the Manage Provisioning Bridges for Oracle Identity Cloud Service chapter in Administering Oracle Identity Cloud Service.
- Use the App Catalog to add the Oracle E-Business Suite app to Oracle Identity Cloud Service. The Provisioning Bridge uses this app to synchronize, import, and provision users, roles, and responsibilities between Oracle E-Business Suite and Oracle Identity Cloud Service. See Add an App Catalog Application in Administering Oracle Identity Cloud Service.
Create a User in Oracle E-Business Suite
Use this section to create a user in Oracle E-Business Suite that the Provisioning Bridge can use to synchronize, import, and provision users between Oracle E-Business Suite and Oracle Identity Cloud Service.
Note: You must have DBA privileges to run the scripts described in this section and grant the required permissions to the Oracle E-Business Suite user. You must have Oracle Database Client installed on the computer on which you perform the procedure described in this section. The Oracle Database Client release must be the same as the database release. In addition, if Oracle Database Client isn't installed on the database host computer, then the tnsnames.ora file on the Oracle Database Client host must contain an entry for the SID of the database.
Oracle Identity Cloud Service requires this user to access Oracle E-Business Suite. You provide the credentials of this user while performing the procedure described in Enable Provisioning and Synchronization for Oracle E-Business Suite.
Copy the scripts folder to a temporary folder on either the target system host computer or a computer on which the Oracle Database Client has been installed.
Note: The scripts folder is one of the folders that was created when you unzipped the file that you used to install and configure a Provisioning Bridge in Oracle Identity Cloud Service. See Create a Provisioning Bridge in Administering Oracle Identity Cloud Service.
On the computer where you copied the scripts folder, verify that there's a TNS entry in the tnsnames.ora file for the target system database.
Change to the directory containing the scripts folder and, depending on the host platform, run either the Run_UM_DBScripts.sh or Run_UM_DBScripts.bat file. These files are present in the scripts folder.
When you run the script, you're prompted for the following information:

| Prompt | Value |
| --- | --- |
| Enter the ORACLE_HOME | Set a value for the ORACLE_HOME environment variable. This prompt is displayed only if the ORACLE_HOME environment variable hasn't been set on the computer on which you're running the script. |
| Enter the System User Name | Enter the login (user name) of a DBA account with the privileges to create and configure a new user in Oracle E-Business Suite. |
| Enter the name of the database | Enter the connection string or service name given in the tnsnames.ora file to connect to the Oracle E-Business Suite database. This connects you to the SQL*Plus client. |
| Enter password | Enter the password of the APPS user in Oracle E-Business Suite. The type and package are created, and then the connection to the database is disconnected. |
| Enter password | Enter the password of the dba user. |
| Enter New database Username to be created | Enter a user name for the Oracle E-Business Suite user that you want to create. |
| Enter the New user password | Enter a password for the Oracle E-Business Suite user that you want to create. This installs all wrappers packages under the APPS schema, creates the new user, and then grants all the required privileges on the tables and packages. |
| Connecting with newly created database user | Enter the connection string or service name that you provided earlier. |

The Oracle E-Business Suite user is created.
Determine Values for the JDBC URL and Connection Properties Parameters
Use this section to learn about the JDBC URL and Connection Properties parameters. You apply the information in this section while configuring the Provisioning Bridge for the Oracle E-Business Suite application. This procedure is discussed in Enable Provisioning and Synchronization for Oracle E-Business Suite.
The values that you specify for the JDBC URL and Connection Properties parameters depend on the security measures that you have implemented.
Supported JDBC URL Formats
The following are the supported JDBC URL formats:
Multiple database instances support one service (Oracle RAC)
JDBC URL format:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HOST1_NAME.DOMAIN)(PORT=PORT1_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST2_NAME.DOMAIN)(PORT=PORT2_NUMBER))(ADDRESS=(PROTOCOL=TCP)(HOST=HOST3_NAME.DOMAIN)(PORT=PORT3_NUMBER)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=HOSTn_NAME.DOMAIN)(PORT=PORTn_NUMBER))(CONNECT_DATA=(SERVICE_NAME=ORACLE_DATABASE_SERVICE_NAME)))
Sample value:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.example.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.example.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1)))
One database instance supports one service
JDBC URL format:
jdbc:oracle:thin:@HOST_NAME.DOMAIN:PORT_NUMBER:ORACLE_DATABASE_SERVICE_NAME
Sample value:
jdbc:oracle:thin:@host1.example:1521:srvce1
One database instance supports multiple services (for Oracle Database 10g and later)
JDBC URL format:
jdbc:oracle:thin:@//HOST_NAME.DOMAIN:PORT_NUMBER/ORACLE_DATABASE_SERVICE_NAME
Sample value:
jdbc:oracle:thin:@host1.example.com:1521/srvce1
Only SSL Communication Is Configured
After you configure SSL communication, the database URL is recorded in the tnsnames.ora file. See Local Naming Parameters in the tnsnames.ora File in Oracle Database Net Services Reference for detailed information about this file.
The following are sample formats of the contents of the tnsnames.ora file. In these formats, DESCRIPTION contains the connection descriptor, ADDRESS contains the protocol address, and CONNECT_DATA contains the database service identification information.
Sample Format 1:
NET_SERVICE_NAME=
  (DESCRIPTION=
    (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
    (CONNECT_DATA=
      (SERVICE_NAME=SERVICE_NAME)))
Sample Format 2:
NET_SERVICE_NAME=
  (DESCRIPTION_LIST=
    (DESCRIPTION=
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (CONNECT_DATA=
        (SERVICE_NAME=SERVICE_NAME)))
    (DESCRIPTION=
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (CONNECT_DATA=
        (SERVICE_NAME=SERVICE_NAME))))
Sample Format 3:
NET_SERVICE_NAME=
  (DESCRIPTION=
    (ADDRESS_LIST=
      (LOAD_BALANCE=on)
      (FAILOVER=off)
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
    (ADDRESS_LIST=
      (LOAD_BALANCE=off)
      (FAILOVER=on)
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION))
      (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)))
    (CONNECT_DATA=
      (SERVICE_NAME=SERVICE_NAME)))
If you have configured only SSL communication and imported the certificate that you create on the Oracle E-Business Suite host computer into the JVM certificate store of Oracle Identity Cloud Service, then enter the following value for the JDBC URL parameter:
**jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))**
Note: The value that you specify for the JDBC URL parameter must be derived from the value of NET_SERVICE_NAME in the tnsnames.ora file. Also, as shown in this example, because you're configuring SSL, you only have to include the (ADDRESS=(PROTOCOL=TCPS)(HOST=HOST_NAME)(PORT=2484)) element. You don't have to include other (ADDRESS=(PROTOCOL_ADDRESS_INFORMATION)) elements.
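
The derivation described in the note above, as an added Python example (not Oracle's code): it parses a tnsnames.ora entry, keeps only the TCPS address, and rebuilds the JDBC URL, while `non_tcps_addresses` lists the addresses in a descriptor-style URL that would connect without SSL. The alias EBSPROD and the sample entry are constructed, all function names are hypothetical, and only entries with a single DESCRIPTION are handled.

```python
import re

PREFIX = "jdbc:oracle:thin:@"

# Constructed sample entry: one cleartext listener and one SSL listener.
SAMPLE_TNS = """
EBSPROD=
  (DESCRIPTION=
    (ADDRESS_LIST=
      (ADDRESS=(PROTOCOL=TCP)(HOST=myhost)(PORT=1521))
      (ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))
    (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))
"""

def parse_net(text):
    """Parse (KEY=value) / (KEY=(...)(...)) syntax into (key, value) tuples;
    value is a str for a leaf or a list of child tuples."""
    s = re.sub(r"\s+", "", text)  # whitespace is dropped before parsing
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(s) or s[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        eq = s.index("=", pos)  # raises ValueError when '=' is missing
        key, pos = s[pos + 1:eq].upper(), eq + 1
        if pos < len(s) and s[pos] == "(":
            value = []
            while pos < len(s) and s[pos] == "(":
                value.append(node())
        else:
            end = s.index(")", pos)
            value, pos = s[pos:end], end
        if pos >= len(s) or s[pos] != ")":
            raise ValueError(f"unbalanced parentheses in {key}")
        pos += 1
        return key, value

    root = node()
    if pos != len(s):
        raise ValueError("trailing text after descriptor")
    return root

def find(node, key):
    """Yield every sub-node named key, depth first."""
    if node[0] == key:
        yield node
    if isinstance(node[1], list):
        for child in node[1]:
            yield from find(child, key)

def attr(node, key):
    """Return the string value of a direct child, or '' if absent."""
    for k, v in (node[1] if isinstance(node[1], list) else []):
        if k == key and isinstance(v, str):
            return v
    return ""

def render(node):
    key, value = node
    body = "".join(render(c) for c in value) if isinstance(value, list) else value
    return f"({key}={body})"

def tcps_jdbc_url(tns_entry):
    """Build the JDBC URL from a NET_SERVICE_NAME entry, TCPS addresses only."""
    alias, sep, descriptor = tns_entry.strip().partition("=")
    if not sep or not descriptor.strip().startswith("("):
        raise ValueError("not a NET_SERVICE_NAME=(...) entry")
    root = parse_net(descriptor)
    tcps = [a for a in find(root, "ADDRESS") if attr(a, "PROTOCOL").upper() == "TCPS"]
    connect = next(find(root, "CONNECT_DATA"), None)
    if not tcps or connect is None:
        raise ValueError(f"{alias.strip()}: no TCPS address or no CONNECT_DATA")
    return PREFIX + render(("DESCRIPTION", [("ADDRESS_LIST", tcps), connect]))

def non_tcps_addresses(jdbc_url):
    """List (host, port) of every ADDRESS in a descriptor-style URL that is not TCPS."""
    if not jdbc_url.startswith(PREFIX + "("):
        raise ValueError("only descriptor-style URLs are inspected")
    root = parse_net(jdbc_url[len(PREFIX):])
    return [(attr(a, "HOST"), attr(a, "PORT"))
            for a in find(root, "ADDRESS") if attr(a, "PROTOCOL").upper() != "TCPS"]

if __name__ == "__main__":
    print(tcps_jdbc_url(SAMPLE_TNS))
```
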
Both Data Encryption and Integrity and SSL Communication Are Configured
If both data encryption and integrity and SSL communication are configured, then specify a value for the JDBC URL parameter by entering a comma-separated combination of the values for the JDBC URL parameter described in the Only SSL Communication Is Configured section. For example:
**jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=2484)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=mysid)))**
Enable Provisioning and Synchronization for Oracle E-Business Suite
In this section, you enable provisioning and synchronization for managing users in Oracle E-Business Suite through Oracle Identity Cloud Service. You do this by assigning the Provisioning Bridge that you installed and configured to the on-premises Oracle E-Business Suite app in Oracle Identity Cloud Service. This bridge serves as a provisioning and synchronizing agent between Oracle Identity Cloud Service and the app.
Note: You installed and configured a Provisioning Bridge in Oracle Identity Cloud Service and you added the Oracle E-Business Suite app to Oracle Identity Cloud Service in Prerequisite Steps.
Enable Provisioning
From the Identity Cloud Service console that you're accessing as an identity domain administrator, security administrator, or application administrator, expand the Navigation Drawer, and then click Applications.
Click the Oracle E-Business Suite app that you added in Prerequisite Steps.
Click Provisioning.
Turn on the Enable Provisioning switch.
In the Confirmation window, click OK.
From the Associate with Provisioning Bridge list, select the Provisioning Bridge that you installed and configured in Prerequisite Steps.
Note: If the Provisioning Bridge has an inactive status, then activate it. See Activate Provisioning Bridges in Administering Oracle Identity Cloud Service.
In the Configure Connectivity section, use the following table to configure connectivity for establishing a connection with the Oracle E-Business Suite app:

| Parameter | Value |
| --- | --- |
| Administrator Username | Enter the user name of the Oracle E-Business Suite user that you created in Create a User in Oracle E-Business Suite. |
| Administrator Password | Enter the password of the Oracle E-Business Suite user that you created in Create a User in Oracle E-Business Suite. |
| JDBC URL template | Enter the JDBC connection string that you created in Determine Values for the JDBC URL and Connection Properties Parameters. |

Click Test Connectivity to verify the connection with the Oracle E-Business Suite app. Oracle Identity Cloud Service displays a confirmation message.
To view predefined attribute mappings between the users in Oracle Identity Cloud Service and the users in Oracle E-Business Suite, click Attribute Mapping, and then click OK.
Use the following table to see the default attribute mappings when users are provisioned from Oracle Identity Cloud Service to Oracle E-Business Suite.

| Oracle Identity Cloud Service User | Oracle E-Business Suite User |
| --- | --- |
| $(user.userName) | name |
| $(user.emails[primary=true].value) | email |
| $(user.active) | active |
| #current_date_time() | startDate |

Note: When a user is provisioned to Oracle E-Business Suite, the current date (#current_date_time()) is the user's start date (startDate).
To add a new attribute mapping, click Add Row, specify the attributes in the User and Oracle eBusiness Suite - User Management Account columns, and then click OK. For example, if you want to add the External ID user attribute, enter $(user.externalId) in the User column, and then select the corresponding Oracle E-Business User field from the drop-down list in the Oracle eBusiness Suite - User Management Account column.
Specify the provisioning operations that you want to enable for Oracle E-Business Suite:
Note: By default, the Create Account, Update Account, De-activate Account, and Delete Account check boxes are selected.
- Create Account: Automatically creates an Oracle E-Business Suite user when Oracle E-Business Suite access is granted to the corresponding user in Oracle Identity Cloud Service.
- Update Account: Automatically updates an Oracle E-Business Suite user when the corresponding user is updated in Oracle Identity Cloud Service.
- De-activate Account: Automatically activates or deactivates the Oracle E-Business Suite user when the corresponding user is activated or deactivated in Oracle Identity Cloud Service.
- Delete Account: Automatically revokes a user from Oracle E-Business Suite when Oracle E-Business Suite access is revoked from the corresponding user in Oracle Identity Cloud Service.
Note: User lifecycle management is supported for this application.
Enable Synchronization
In the Provisioning page, turn on the Enable Synchronization switch.
From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from Oracle E-Business Suite:
- Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.
- User Name: User name of the Oracle Identity Cloud Service user.
Note: By default, the Primary Email Address option is selected from the drop-down list. Leave this default attribute for accurate synchronization of user records.
To match an Oracle E-Business Suite user attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list.
Note: By default, the name option is selected. This option represents the Email attribute of the Oracle E-Business Suite user. Don't change this default option.
From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an Oracle E-Business Suite user:
- Link and confirm: Automatically links and confirms the matched Oracle E-Business Suite user to the corresponding Oracle Identity Cloud Service user based on the defined User Identifier and Application Identifier fields.
- Link but do not confirm: Automatically links all matched Oracle E-Business Suite users to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to confirm the linked users manually.
In the Max. number of creates field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.
In the Max. number of deletes field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.
To specify a schedule for the synchronization, from the Synchronization Schedule drop-down list, select Never, Every Hour, Every Day, or Every Week.
You can manage Oracle E-Business Suite users through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups chapters in Administering Oracle Identity Cloud Service.
Click Save, Activate, and then, in the Confirmation window, click OK. Oracle Identity Cloud Service displays a confirmation message.
Synchronize Data from Oracle E-Business Suite to Oracle Identity Cloud Service
In this section, you synchronize users from Oracle E-Business Suite and link them to the corresponding Oracle Identity Cloud Service users. You also synchronize roles and responsibilities for the users from Oracle E-Business Suite to Oracle Identity Cloud Service.
In the Oracle E-Business Suite app that you added in Prerequisite Steps, click the Import tab.
Click the Import button.
Note: If this button is grayed out, then click the Provisioning tab and verify that both the Enable Provisioning and Enable Synchronization switches are turned on, and that the Oracle E-Business Suite app is activated.
Verify that you see a status of Running for the job that Oracle Identity Cloud Service uses to synchronize users, roles, and responsibilities from Oracle E-Business Suite.
After all users, roles, and responsibilities are synchronized, the Import tab lists the Oracle E-Business Suite users and the job status changes to Success.
Note: If you don't see the status change after a few minutes, then click Refresh.
Oracle Identity Cloud Service tries to match each Oracle E-Business Suite user with an existing user in Oracle Identity Cloud Service. If a user exists, then the user is assigned to the Oracle E-Business Suite app. If the user doesn't exist, then from the Actions column of the Import tab, you can perform one of the following actions:
- Assign Existing User: Assign the Oracle E-Business Suite user to any user in Oracle Identity Cloud Service.
- Create New User and Link: Add a new user to Oracle Identity Cloud Service, and then assign the Oracle E-Business Suite user to this newly created user.
Provision and Synchronize a User's Roles and Responsibilities
In this section, you use Oracle Identity Cloud Service to provision Oracle E-Business Suite roles and responsibilities for a user that you synchronized from Oracle E-Business Suite. Then, you assign additional roles and responsibilities for the user in Oracle E-Business Suite, and synchronize these roles and responsibilities into Oracle Identity Cloud Service. The state of the user's roles and responsibilities is synchronized between Oracle E-Business Suite and Oracle Identity Cloud Service.
In the Oracle E-Business Suite app that you added in Prerequisite Steps, click the Users tab.
Click the Action menu to the right of the user to which you want to provision roles and responsibilities, and then select Edit from the menu that appears.
In the Assign Application window:
a. Click the Roles field, and then select a role that you want to provision to the user.
b. Click the Responsibilities field, and then select a responsibility for the user.
c. Click Save.
Note: By clicking Save, Oracle Identity Cloud Service provisions the user with the role and responsibility you selected.
Access the Oracle E-Business Suite console as an administrator.
From the Navigation Drawer of the console, click User Management, and then click Users. The Users page appears.
In the User Name field, enter the user name of the Oracle E-Business Suite user to which you provisioned a role and responsibility, and then click Go.
Tip: Instead of entering the full user name, you can enter part of the user name, and then enter % as a wildcard character.
Click the Update icon to the right of the user name.
Verify that in the Roles tab of the Users page, the role and responsibility that you provisioned for the user appear.
Note: Both the role and responsibility have a status of Assigned.
Click Assign Roles.
In the Search and Select: Assign Roles window:
a. Enter the name of the role or responsibility that you want to assign to the user, and then click Go.
b. Select the check box to the left of the role and responsibility, and then click Select.
In the Justification field of the Roles tab, enter a reason why the user is to have access to the role or responsibility, click Save, and then click Apply.
In the Identity Cloud Service console, click the Import tab of the Oracle E-Business Suite app.
Click the Import button.
Verify that you see a status of Running for the job that Oracle Identity Cloud Service uses to synchronize users, roles, and responsibilities from Oracle E-Business Suite.
After the status of the job changes from Running to Success, click the Users tab, click the Action menu to the right of the user for whom you synchronized a role or responsibility from Oracle E-Business Suite, and then select Edit from the menu that appears.
Note: If you don't see the job status change to Success after a few minutes, then click Refresh.
In the Assign Application window, verify that you see the role or responsibility that you assigned to the user in Oracle E-Business Suite.
The state of the user's roles and responsibilities is synchronized between Oracle E-Business Suite and Oracle Identity Cloud Service.
Close the Assign Application window.
Revoke a User's Roles and Responsibilities
In this section, you use both Oracle Identity Cloud Service and Oracle E-Business Suite to revoke the roles and responsibilities of an Oracle E-Business Suite user.
In the Oracle E-Business Suite app that you added in Prerequisite Steps, click the Action menu to the right of the user from which you want to revoke roles and responsibilities, and then select Edit from the menu that appears.
In the Assign Application window, click the X button for the role and responsibility that you want to revoke from the user, and then click Save.
Note: By clicking Save, Oracle Identity Cloud Service revokes the role and responsibility from the user.
In the Users page of the Oracle E-Business Suite console, use the User Name field to enter the user name of the Oracle E-Business Suite user from which you revoked the role and responsibility, and then click Go.
Click the Update icon to the right of the user name.
Verify that in the Roles tab of the Users page, the status of both the role and responsibility that you revoked for the user changed from Assigned to Inactive.
Note: In Oracle E-Business Suite, revoking the access that a user has to a role or responsibility doesn't remove the role or responsibility from the console. This is done for auditing and compliance purposes.
Click the caret to expand the role or responsibility that still has a status of Assigned.
In the Active To field, enter today's date, click Save, and then click Apply.
Note: By entering today's date in the Active To field, you're revoking the access that the user has to the role or responsibility.
In the Identity Cloud Service console, click the Import tab of the Oracle E-Business Suite app.
Click the Import button.
Verify that you see a status of Running for the synchronization job.
After the status of the job changes from Running to Success, click the Users tab, click the Action menu to the right of the user from whom you revoked a role or responsibility in Oracle E-Business Suite, and then select Edit from the menu that appears.
Note: If you don't see the job status change to Success after a few minutes, then click Refresh.
In the Assign Application window, verify that you no longer see the role or responsibility that you revoked from the user in Oracle E-Business Suite.
The state of the revocation of the user's roles and responsibilities is synchronized between Oracle E-Business Suite and Oracle Identity Cloud Service.
Close the Assign Application window.
Revoke a User
In this section, you use Oracle Identity Cloud Service to revoke a user's access to Oracle E-Business Suite, and then verify in Oracle E-Business Suite that the user's access is revoked.
In the Oracle E-Business Suite app that you added in Prerequisite Steps, select the check box to the right of the user that you want to revoke from Oracle E-Business Suite, and then click Revoke.
In the Confirmation window, click OK.
Note: By clicking OK, Oracle Identity Cloud Service revokes the access that the user has to Oracle E-Business Suite. The date at which the user's access is revoked in Oracle Identity Cloud Service is the user's end date in Oracle E-Business Suite.
In the Users page of the Oracle E-Business Suite console, use the User Name field to enter the user name of the Oracle E-Business Suite user whose access you revoked, and then click Go.
Verify that the user's status is Inactive.
Note: In Oracle E-Business Suite, revoking a user's access doesn't remove the user. This is done for auditing and compliance purposes.
Troubleshooting
Use this section to locate solutions to common integration issues.
Unknown Issues
For unknown issues, contact Oracle Support:
Go to https://support.oracle.com.
Select Cloud Support, and then sign in with your support credentials.
In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.
Select Oracle Identity Cloud Service as the service type.
Complete your service request.