PeopleSoft

Before You Begin

Introduction

The PeopleSoft Tools integration helps you manage PeopleSoft Tools-based user profiles and records in PeopleSoft applications, including roles and permissions, with the help of Oracle Identity Cloud Service.

About the Oracle PeopleSoft Tool

Managing your workforce globally often requires region- or country-specific features and functions in Human Resources (HR) and Payroll. Oracle’s PeopleSoft Enterprise Human Resources and Global Payroll applications help to make this possible. Being compliant with HR regulations is essential. Making timely payments to your workforce while lowering your total cost of ownership is a business goal your organization can achieve. With PeopleSoft Enterprise country extensions, you have complete control over all aspects of your local HR and payroll operations, including statutory payroll and reporting requirements.

After integrating Oracle PeopleSoft and Oracle Identity Cloud Service, administrators can use the Identity Cloud Service console to:

  • Assign and revoke user access to the Oracle PeopleSoft Tool.
  • Manage users, user roles and permission lists.

What Do You Need?

  • An Oracle Identity Cloud Service Identity Domain Administrator, Security Administrator, or Application Administrator account so that you can manage apps and user accounts.
  • An Oracle PeopleSoft account with authorization rights to manage users, roles and permission lists.

Prerequisite Steps

Before you can synchronize users and roles between Oracle PeopleSoft and Oracle Identity Cloud Service, you must:

  • Install and configure a Provisioning Bridge in Oracle Identity Cloud Service. This bridge provides a link between Oracle PeopleSoft and Oracle Identity Cloud Service. Oracle Identity Cloud Service can synchronize with Oracle PeopleSoft so that any new, updated, or deleted users are synced with Oracle Identity Cloud Service. See the Manage Provisioning Bridges for Oracle Identity Cloud Service chapter in Administering Oracle Identity Cloud Service.
  • Use the App Catalog to add the Oracle PeopleSoft User management app to Oracle Identity Cloud Service. The Provisioning Bridge uses this app to synchronize, import, and provision users and roles between Oracle PeopleSoft and Oracle Identity Cloud Service. See Add an App Catalog Application in Administering Oracle Identity Cloud Service.

Create a User in Oracle PeopleSoft

Create a user in Oracle PeopleSoft so that the Provisioning Bridge can use it to synchronize, import and provision users between Oracle PeopleSoft and Oracle Identity Cloud Service.

Note: Permission lists, roles, and user profiles are the building blocks of PeopleSoft security. Each user of the system has an individual user profile, which in turn is linked to one or more roles. To each role, you can add one or more permission lists, which define what a user can access. So, a user inherits permissions through the role that is attached to a user profile. You must create limited rights users who have restricted rights to access resources in the production environment to perform PeopleSoft-specific installation or maintenance operations. A limited rights user has the privilege to invoke PeopleSoft User Profile Component Interface Java APIs for provisioning.

Oracle Identity Cloud Service requires this user to access Oracle PeopleSoft Applications. You provide the credentials of this user while performing the procedure described in Enable and Associate Provisioning Bridge to the Oracle PeopleSoft App.

Create a Target System User Account for Operations

You must create a target system account with privileges required for application integration operations. The user account created on the target system has the permission to perform all the configurations required for application integration operations. This includes configuring the PeopleSoft Integration Broker for full sync. This account does not have access to pages or components that are not required by the integration.

The following steps describe the procedures to create an account:

Note: For creating the target system account, you must log in to PeopleSoft Internet Architecture with administrator credentials.

Create a Permission List

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format: http://IPADDRESS:PORT/psp/ps/?cmd=login. For example: http://172.21.109.69:9080/psp/ps/?cmd=login.

  2. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, expand PeopleTools, Security, Permissions & Roles, and then click Permission Lists.
    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Security, Permissions & Roles, and then click Permission Lists.
  3. Click Add a new Value. On the Add a New Value tab, enter the permission list name, for example, OIMER, and then click Add.
  4. On the General tab, enter a description for the permission list in the Description field.

  5. On the Component Interfaces tab, click the search icon for the Name field and perform the following:

    a. In the Name lookup, enter USER_PROFILE and then click Lookup. From the list, select USER_PROFILE. The application returns to the Component Interfaces tab. Click Edit.

    b. On the Component Interface Permissions page, click Full Access(All).

    c. Click OK and then click Save.

    d. Click the plus sign (+) to add a row for the Name field and repeat Steps a through c for the DELETE_USER_PROFILE component interface.

  6. On the Pages tab, click the search icon for Menu Name and perform the following:

    a. Click the plus sign (+) to add a row for Menu Name. Click the search icon for Menu Name. In the Menu Name lookup, enter APPLICATION_ENGINE and then click Lookup. From the list, select APPLICATION_ENGINE. The application returns to the Pages tab. Click Edit Components.

    b. On the Component Permissions page, click Edit Pages for the AE_REQUEST component name.

    c. Click Select All, and then click OK. Click OK on the Components Permissions page.

    d. On the Pages tab, click the plus sign (+) to add a row for Menu Name. Click the search icon for Menu Name. In the Menu Name lookup, enter IB_PROFILE and then click Lookup. From the list, select IB_PROFILE. The application returns to the Pages tab. Click Edit Components.

    e. On the Component Permissions page, click Edit Pages for each of the following component names:

    • IB_GATEWAY
    • IB_MESSAGE_BUILDER
    • IB_MONITOR_QUEUES
    • IB_NODE
    • IB_OPERATION
    • IB_QUEUEDEFN
    • IB_ROUTINGDEFN
    • IB_SERVICE
    • IB_SERVICEDEFN
    • IB_MONITOR

    f. Click Select All, and then click OK for each of the components. Click OK on the Components Permissions page.

    g. On the Pages tab, click the plus sign (+) to add another row for Menu Name.

    h. In the Menu Name lookup, enter PROCESSMONITOR and then click Lookup. From the list, select PROCESSMONITOR. The application returns to the Pages tab. Click Edit Components.

    i. On the Component Permissions page, click Edit Pages for the PROCESSMONITOR component name.

    j. Click Select All, and then click OK. Click OK on the Components Permissions page.

    k. On the Pages tab, click the plus sign (+) to add another row for Menu Name.

    l. In the Menu Name lookup, enter PROCESS_SCHEDULER and then click Lookup. From the list, select PROCESS_SCHEDULER. The application returns to the Pages tab. Click Edit Components.

    m. On the Component Permissions page, click Edit Pages for the PRCSDEFN component name.

    n. Click Select All, and then click OK. Click OK on the Components Permissions page.

  7. On the People Tools tab, select the Application Designer Access check box and click the Definition Permissions link. The Definition Permissions page is displayed.

  8. On this page, grant full access to the following object types by selecting Full Access from the Access list:

    • App Engine Program
    • Message
    • Component
    • Project
    • Application Package
  9. Click OK.

  10. Click the Tools Permissions link. The Tools Permissions page is displayed. On this page, grant full access to the SQL Editor tool by selecting Full Access from the Access list.

  11. Click OK. The application returns to the People Tools tab.

  12. On the Web Libraries tab, click the search icon for the Web Library Name field and perform the following:

    a. In the Web Library Name lookup, enter WEBLIB_PORTAL and then click Lookup. From the list, select WEBLIB_PORTAL. The application returns to the Web Libraries tab. Click the Edit link.

    b. On the WebLib Permissions page, click Full Access(All).

    c. Click OK and then click Save.

    d. Click the plus sign (+) to add a row for the Web Library Name field and repeat Steps a through c for the WEBLIB_PT_NAV library.

    e. Click Save to save all the settings specified for the permission list.

  13. On the Process tab, click the Process Group Permissions link. The Process Group Permission page is displayed.

  14. In the Process Group lookup, click the search icon. From the list, select TLSALL. The application returns to the Process Group Permission page.

  15. Click the plus sign (+) to add another row for Process Group.

  16. In the Process Group lookup, click the search icon. From the list, select STALL. The application returns to the Process Group Permission page.

  17. Click OK.

  18. Click Save.

Create a Role for a Limited Rights User

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format: http://IPADDRESS:PORT/psp/ps/?cmd=login. For example: http://172.21.109.69:9080/psp/ps/?cmd=login.

  2. In the PeopleSoft Internet Architecture window:
    • For PeopleTools 8.54 and earlier releases, click PeopleTools, Security, Permissions & Roles, and then click Roles.
    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Security, Permissions & Roles, and then click Roles.
  3. Click Add a new Value. On the Add a New Value tab, enter the role name, for example, OIMUM, and then click Add.

  4. On the General tab, enter a description for the role in the Description field.

  5. On the Permission Lists tab, click the search icon and perform the following:

    a. In the Permission Lists lookup, enter OIMUM and then click Lookup. From the list, select OIMUM.

    b. Click the plus sign (+) to add another row.

    c. In the Permission Lists lookup, enter EOEI9000 and then click Lookup. From the list, select EOEI9000.

    d. Click the plus sign (+) to add another row.

    e. In the Permission Lists lookup, enter EOCO9000 and then click Lookup. From the list, select EOCO9000.

    f. Click Save.

Assign the Required Privileges to the Target System Account

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format: http://IPADDRESS:PORT/psp/ps/?cmd=login. For example: http://172.21.109.69:9080/psp/ps/?cmd=login.

  2. In the PeopleSoft Internet Architecture window:

    • For PeopleTools 8.54 and earlier releases, click PeopleTools, Security, User Profiles, and then click User Profiles.
    • For PeopleTools 8.55, 8.56, and 8.57, click NavBar, Navigator, PeopleTools, Security, User Profiles, and then click User Profiles.
  3. Click Add a new Value.

  4. On the Add a New Value tab, enter the user profile name, for example, OIMUM, and then click Add.

  5. On the General tab, perform the following:

    a. From the Symbolic ID list, select the value that is displayed, for example, SYSADM1.

    b. Enter valid values for the Password and Confirm Password fields.

    c. Click the search icon for the Process Profile permission list.

    d. In the Process Profile lookup, enter OIMUM and then click Lookup. From the list, select OIMUM. The application returns to the General tab.

  6. On the ID tab, select none as the value of the ID type.

  7. On the Roles tab, click the search icon and perform the following:

    a. In the Roles lookup, enter OIMUM and then click Lookup. From the list, select OIMUM.

    b. Click the plus sign (+) to add another row.

    c. In the Roles lookup, enter ProcessSchedulerAdmin and then click Lookup. From the list, select ProcessSchedulerAdmin.

    d. Click the plus sign (+) to add another row.

    e. In the Roles lookup, enter EIR Administrator and then click Lookup. From the list, select EIR Administrator.

    f. Click Save to save this user profile.

    Oracle Identity Cloud Service uses this profile for integration-related operations, that is, synchronizing users and provisioning.

Generating XML Files

The following steps apply to Full Reconciliation on a PeopleSoft 8.58 target.

Configuring the Target System for Full Reconciliation

Configuring the target system for full reconciliation involves configuring the USER_PROFILE message by performing the following procedures:

Activating the Full Data Publish Rule

You must define and activate this rule, because it acts as a catalyst for the Full Reconciliation process. This rule provides the Full Reconciliation process the desired information to initiate reconciliation.

  1. In the PeopleSoft Internet Architecture window, expand Enterprise Components, Integration Definitions, and then click Full Data Publish Rules.

  2. Search for and open the USER_PROFILE message.

  3. In the Publish Rule Definition region:

    a. In the Publish Rule ID field, enter IDCS_USER_PROFILE.

    b. In the Description field, enter IDCS_USER_PROFILE.

    c. From the Status list, select Active.

  4. Click Save.

Configure the Target System for Full Reconciliation

Configure the PeopleSoft Integration Broker

The following sections explain the procedures to configure the PeopleSoft Integration Broker.

Configure the PeopleSoft Integration Broker Gateway

PeopleSoft Integration Broker is installed as part of the PeopleTools installation process.

The Integration Broker Gateway is a component of PeopleSoft Integration Broker, which runs on the PeopleSoft Web Server. It is the physical hub between PeopleSoft and the third-party system. The integration gateway manages the receipt and delivery of messages passed among systems through PeopleSoft Integration Broker.

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL for PeopleSoft Internet Architecture is in the following format: http://IPADDRESS:PORT/psp/ps/?cmd=login. For example: http://172.21.109.69:9080/psp/ps/?cmd=login.

  2. To display the Gateway component details, expand PeopleTools, Integration Broker, Configuration, and then click Gateways.
  3. In the Integration Gateway ID field, enter LOCAL and then click Search. The LOCAL gateway is a default gateway that is created when you install PeopleSoft Internet Architecture.
  4. Ensure that the IP address and host name specified in the URL of the PeopleSoft listener are those on which the target system is installed. The URL of the PeopleSoft listener is in one of the following formats: http://HOSTNAME_of_the_PeopleSoft_Web_Server or IP_address:port/PSIGW/PeopleSoftListeningConnector. For example: http://10.121.16.42:80/PSIGW/PeopleSoftListeningConnector.
  5. To load all target connectors that are registered with the LOCAL gateway, click Load Gateway Connectors. A window is displayed mentioning that the loading process is successful. Click OK.
  6. Click Save.
  7. Click Ping Gateway to check whether the gateway component is active. The PeopleTools version and the status of the PeopleSoft listener are displayed. The status should be ACTIVE.

Integration Broker Gateway

Configure PeopleSoft Integration Broker

PeopleSoft Integration Broker provides a mechanism for communicating with the outside world using XML files. Communication can take place between different PeopleSoft applications or between PeopleSoft and third-party systems. To subscribe to data, third-party applications can accept and process XML messages posted by PeopleSoft by using the available PeopleSoft connectors. The Integration Broker routes messages to and from PeopleSoft.

A remote node that you create within the Integration Broker acts as the receiver for XML messages from PeopleSoft. This remote node accepts XML messages and posts them as XML files to a folder that you specify. During a reconciliation run, a scheduled task running on Oracle Identity Manager uses the data in these XML files to Oracle Identity Manager.

  1. While creating the remote node, you use the value of the ig.fileconnector.password property in the integrationGateway.properties file. Determine the value of this property as follows:

    a. In the PeopleSoft Internet Architecture window expand PeopleTools, Integration Broker, Configuration, and then click Gateways.

    b. In the Integration Gateway ID field, enter LOCAL and then click Search.

    c. Click the Gateway Setup Properties link.

    d. Enter the user ID and password for accessing the integrationGateway.properties file, and then click OK.

    e. On the PeopleSoft Node Configuration page, click Advanced Properties Page. The contents of the integrationGateway.properties file are displayed.

    f. Search for ig.fileconnector.password in the file contents. The line displayed in the file may be similar to the following sample line: ig.fileconnector.password={V1.1}%5GhbfJ89bvNT1HzF98==.

    g. Copy the text after (that is, to the right of) the equal sign of the property. For example, copy {V1.1}%5GhbfJ89bvNT1HzF98== from the line given in the preceding sample.

    Note: This is the password that you specify while creating the remote node. The sample password given here is encrypted. If the password displayed on your PeopleSoft installation is not encrypted, then you can encrypt it by following the steps given later in this section.

  2. In the PeopleSoft Internet Architecture window, expand PeopleTools, Integration Broker, Integration Setup, and then click Nodes.

  3. On the Add a New Value tab, enter the node name, for example, IDCS_FILE_NODE, and then click Add.

  4. On the Node Definition tab, provide the following values:
    • In the Description field, enter a description for the node.
    • In the Default User ID field, enter PS.
  5. Make this node a remote node by deselecting the Local Node check box and selecting the Active Node check box.

  6. Set the Node Type to PIA.

    Node Definitions

  7. On the Connectors tab, search for the following information by clicking the Lookup icon:
    • Gateway ID: LOCAL
    • Connector ID: FTPTARGET
  8. After you enter the preceding information, the Properties page is displayed. On the Properties page in the Connectors tab, enter the following information:

    • Property ID: HEADER
      • Property Name: sendUncompressed
      • Required value: Y
    • Property ID: FTPTARGET
      • Property Name: HOSTNAME
      • Required value: Enter the hostname of the computer on which you want to generate the files. You can also specify the Identity Cloud Service hostname if the FTP port is open.
    • Property ID: FTPTARGET
      • Property Name: USERNAME
      • Required value: Enter the hostname of the computer on which you want to generate the files.
    • Property ID: FTPTARGET
      • Property Name: PASSWORD
      • Required value: Enter the password of the computer on which you want to generate the files. Password should be in encrypted form. If the password is not already encrypted, then you can encrypt it as follows:
        • In the Password Encrypting Utility region, enter the value of the ig.fileconnector.password property in the Password and Confirm Password fields.
        • Click Encrypt.
        • From the Encrypted Password field, copy the encrypted password to the Value field for the Password property.
    • Property ID: FTPTARGET
      • Property Name: TYPE
      • Required value: ASCII
    • Property ID: FTPTARGET
      • Property Name: METHOD
      • Required value: PUT
    • Property ID: FTPTARGET
      • Property Name: FTPS
      • Required value: N
    • Property ID: FTPTARGET
      • Property Name: FTPMODE
      • Required value: ACTIVE
    • Property ID: FTPTARGET
      • Property Name: DIRECTORY
      • Required value: Enter the location where you want to generate the XML files.
  9. Click Save.
  10. Click Ping Node to check whether a connection is established with the specified IP address.

    Connections Properties
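
The note in step 1 says the gateway password must be stored in encrypted form. The following shell check is an added example, not Oracle code: it scans a copy of integrationGateway.properties for password properties whose values lack the {Vn.n} marker seen in the page's sample line. Treating that marker as the sign of an encrypted value is an assumption, and example.node.password is a hypothetical property name used only in the constructed sample.

```shell
#!/bin/sh
# Added example (not Oracle code): flag password properties that are stored
# without the encrypted-value marker.
# Assumption: an encrypted value starts with a {Vn.n} tag, as in the page's
# sample line ig.fileconnector.password={V1.1}%5GhbfJ89bvNT1HzF98==.

# Print the name of every property whose key ends in "password" (any case),
# whose value is non-empty, and whose value lacks the {Vn.n} prefix.
# Comment lines and lines without "=" are ignored. The value is everything
# after the first "=", so "=" padding inside the value is preserved.
plaintext_password_props() {
    awk '
        /^[ \t]*[#!]/ { next }
        index($0, "=") == 0 { next }
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) ~ /password$/ && val != "" &&
                val !~ /^[{]V[0-9]+[.][0-9]+[}]/)
                print key
        }
    ' "$1"
}

# Write a constructed sample file (not a real integrationGateway.properties)
# to a temporary location and print its path.
make_sample_props() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample for the check above
ig.fileconnector.password={V1.1}%5GhbfJ89bvNT1HzF98==
example.node.password = changeme
example.empty.password=
example.node.userid=PS
EOF
    printf '%s\n' "$f"
}

# Script entry point: list offending property names for the given file.
if [ "$#" -eq 1 ]; then
    plaintext_password_props "$1"
fi
```

Any property name the check prints should be re-entered through the Password Encrypting Utility described in step 8.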

Configure the USER_PROFILE Service Operation

To configure the USER_PROFILE service operation, perform the following procedures.

Activate the USER_PROFILE Service Operation

The service operation is a mechanism to trigger, receive, transform, and route messages that provide information about updates in the PeopleSoft or an external application. You must activate the service operation for successful transmission and receipt of messages.

Note: If the message version is not the same as specified, then you can change the message version.

  1. In PeopleSoft Internet Architecture, expand PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

  2. On the Find Service Operation tab, enter USER_PROFILE in the Service field, and then click Search.

  3. Click the USER_PROFILE link.

  4. In the Default Service Operation Version region, click Active. The following screenshot displays the default version of the USER_PROFILE service operation:

    USER_PROFILE Service Operation

  5. Click Save.

Verify the Queue Status for the USER_PROFILE Service Operation

All messages in PeopleSoft are sent through a queue. Queues ensure that the messages are delivered in the correct sequence. Therefore, you must ensure that the queue is in a Run status.

To ensure that the status of the queue for the USER_PROFILE service operation is Run:

  1. In the PeopleSoft Internet Architecture window, expand PeopleTools, Integration Broker, Integration Setup, and then click Queues.

  2. Search for the USER_PROFILE queue.

  3. In the Queue Status list, ensure that Run is selected. If it is not, from the Queue Status list, select Run and click Save.

    Queue Status

  4. Click Return to Search.

Set Up the Security for the USER_PROFILE Service Operation

The target system user who has the permission to modify, add, or delete personal or job information of an employee might not have access to send messages regarding these updates. Therefore, it is imperative to explicitly grant security to enable operations.

  1. In the PeopleSoft Internet Architecture window, expand NavBar, Navigator, PeopleTools, Integration Broker, Integration Setup, and then click Service Operations.

  2. Search for and open the USER_PROFILE service operation.

  3. On the General tab, click the Service Operation Security link. The link is shown in the following screenshot:

    Operation Security Link

  4. Attach the permission list IDCSUM to the USER_PROFILE service operation.

    To attach the permission list:

    Note: This procedure describes how to grant access to the IDCSUM permission list. The IDCSUM permission list is used as an example. However, to implement this procedure, you must use the permission list that is attached (through a role) to the user profile of the actual user who maintains the user profile information or of the user who performs full reconciliation.

    a. Click the plus sign (+) to add a row to the Permission List field.

    b. In the Permission List field, enter IDCS and then click the Look up Permission List icon. The IDCSUM permission list appears.

    c. From the Access list, select Full Access.

    d. Click Save.

    e. Click Return to Search.

Define the Routing for the USER_PROFILE Service Operation

Routing is defined to inform PeopleSoft about the origin and the intended recipient of the message. You might have to transform the message being sent or received according to the business rules.

  1. On the Routing tab, enter USER_PROFILE_HR_TO_UMFILE as the routing name and then click Add.

    The following screenshot displays the Routing Name field:

    Routing Name

  2. On the Routing Definition tab, enter the following: Sender Node: PSFT_HR

    Note: The Sender Node is the default active local node. To locate the sender node:

    a. Click the Lookup icon.

    b. Click Default to sort the results in descending order.

    The default active local node should meet the following criteria:

    • Local Node: 1
    • Default Local Node: Y
    • Node Type: PIA

      Only one node can meet all the above conditions at a time.

    c. Select the node. For Receiver Node, enter IDCS_FILE_NODE.

    d. Click Save.

    The following screenshot displays the Sender and Receiver nodes:

    Routing Definitions

  3. Click Save.
  4. Click Return to go back to the Routings tab of the Service Operation, and verify whether your routing is active.

Generate XML Files

If you are using PeopleTools 8.50 and HCM 9.0, then before running Full Data Publish, you must apply the patch that addresses issue 824529. This patch can be downloaded from My Oracle Support.

You must run the Application Engine program if you are performing the full reconciliation for the first time.

  1. In PeopleSoft Internet Architecture, expand Enterprise Components, Integration Definitions, Initiate Processes, and then click Full Data Publish.
  2. Click the Add a New Value tab.
  3. In the Run Control ID field, enter a value and then click ADD.
  4. In the Process Request region, provide the following values:
    • Request ID: Enter a request ID.
    • Description: Enter a description for the process request.
    • Process Frequency: Select Always.
    • Message Name: Enter USER_PROFILE as the message name.
  5. Click Save to save the configuration.

  6. Click Run. The following screenshot displays the preceding steps:

    Full Data Publish

    The Process Scheduler Request page appears.

  7. From the Server Name list, select the appropriate server.

  8. Select the Full Table Data Publish process list, and click OK. The following screenshot displays the Process Scheduler Request page:

    Process Scheduler Request

  9. Click Process Monitor to verify the status of EOP_PUBLISHT Application Engine. The Run Status is Success if the transaction is successfully completed. On successful completion of the transaction, XML files for the USER_PROFILE message are generated at a location that you specified in the FilePath property while creating the IDCS_FILE_NODE node for PeopleSoft Web Server. See Configure PeopleSoft Integration Broker for more information.

    Copy these XML files to a directory on the Oracle Identity Cloud Service host computer. Ensure that the permissions for these XML files are sufficiently restrictive. By default, the permissions are set to 644. You can set them to 640.

    After you have performed this procedure:
    • Remove the permission list created in Set Up the Security for the USER_PROFILE Service Operation section. This is for security purposes.
    • Disable the USER_PROFILE_HR_TO_UMFILE routing created in Define the Routing for the USER_PROFILE Service Operation. To do so, clear the Active check box in Step 2 of the procedure.
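
The 644-to-640 tightening recommended above can be audited and applied from a shell on the host that holds the copied files. This is an added example, not part of Oracle's procedure; the directory argument, the .xml suffix and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Oracle procedure): audit and tighten the mode of
# generated USER_PROFILE XML files so that none is more permissive than 640.
# Assumptions: the files end in .xml and live under one directory tree.

# Print each regular *.xml file under $1 that has any permission bit outside
# 640: owner execute, group write/execute, or any bit for "other".
list_loose_xml() {
    find "$1" -type f -name '*.xml' \
        \( -perm -100 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of files reported by list_loose_xml.
count_loose_xml() {
    list_loose_xml "$1" | wc -l | tr -d ' '
}

# Remove the offending bits only. 640 is treated as a ceiling, so a file that
# is already stricter (for example 600) is not widened.
harden_xml() {
    find "$1" -type f -name '*.xml' -exec chmod u-x,g-wx,o-rwx {} +
}

# Build a throwaway directory of constructed sample files and print its path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/user_profile_1.xml"; chmod 644 "$d/user_profile_1.xml"  # default mode named on the page
    : > "$d/user_profile_2.xml"; chmod 666 "$d/user_profile_2.xml"  # world-writable
    : > "$d/user_profile_3.xml"; chmod 600 "$d/user_profile_3.xml"  # already stricter than 640
    : > "$d/readme.txt";         chmod 644 "$d/readme.txt"          # not an XML file, left alone
    printf '%s\n' "$d"
}

# Script entry point: report, tighten, report again.
if [ "$#" -eq 1 ]; then
    echo "looser than 640 before: $(count_loose_xml "$1")"
    harden_xml "$1"
    echo "looser than 640 after:  $(count_loose_xml "$1")"
fi
```
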
Run the Application Engine Program

You can run the Application Engine program by using PeopleSoft Internet Architecture to perform Lookup Reconciliation.

Note: You must run the Application Engine program periodically.

  1. Open a Web browser and enter the URL for PeopleSoft Internet Architecture. The URL is in the following format: http://IPADDRESS:PORT/psp/ps/?cmd=login. For example: http://172.21.109.69:9080/psp/ps/?cmd=login.

  2. Click People Tools, Process Scheduler, Processes, and then Add a new Value.

  3. Select Application Engine as the process type, and enter LOOKUP_RECON as the process name.

  4. Click Add.

  5. In the Process Definition Options tab, enter the following values for Component and Process Groups, and click Save.
    • Component: AE_REQUEST
    • Process Groups: TLSALL, STALL
  6. To make the Application Engine program run in PeopleSoft Internet Architecture, click People Tools, Application Engine, Request AE, and then click Add a new Value.

  7. Enter values for the following and then click Add:
    • User ID: Enter your User ID
    • Run Control ID: Enter a unique run control value
    • Program Name: Enter LOOKUP_RECON
  8. Click Run.
  9. From the list that is displayed, select the LOOKUP_RECON process, which you created in Step 3.
  10. Click OK.

  11. To determine the progress status of the Application Engine program, click People Tools, Process Scheduler, and then Process Monitor. Click Refresh until the Success message is displayed as the status.

Note: If Status is displayed as Queued, then you must check the status of the process scheduler. To do so, click People Tools, Process Scheduler, and then Process Monitor. Click the Server List tab and check the status of the server. If the status is not displayed, then start the process scheduler.

Enable and Associate Provisioning Bridge to the Oracle PeopleSoft App

Assign the Provisioning Bridge that you installed and configured to the on-premises Oracle PeopleSoft app in Oracle Identity Cloud Service. This bridge serves as a provisioning and synchronizing agent between Oracle Identity Cloud Service and the app.

Note: You installed and configured a Provisioning Bridge in Oracle Identity Cloud Service and you added the Oracle E-Business Suite app to Oracle Identity Cloud Service.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, and then click Applications.

  2. Click the Oracle E-Business Suite app that you added in Prerequisite Steps.

  3. Click Provisioning.

  4. Turn on the Enable Provisioning switch.

  5. In the Confirmation window, click OK.

  6. From the Associate with Provisioning Bridge list, select the Provisioning Bridge that you installed and configured in Prerequisite Steps. Note: If the Provisioning Bridge has an inactive status, then activate it. See Activate Provisioning Bridges.

  7. In the Configure Connectivity section, use the following table to configure connectivity for establishing a connection with the Oracle E-Business Suite app:

    Parameter: Value
    • Username: Enter the user name of the Oracle PeopleSoft user that you created in Create a User in Oracle PeopleSoft.
    • User Password: Enter the password of the Oracle PeopleSoft user that you created.
    • URL: PeopleSoft domain URL.
    • Domain Password: Application server connection password used for Integration Broker settings.
    • DelCompIntfcKey: Name of the component interface used for delete operations, that is, DELETE_USER_PROFILE. When a user profile is deleted in PeopleSoft, the DELETE_USER_PROFILE message is triggered from PeopleSoft to delete the corresponding provisioned resource in Oracle Identity Cloud Service.
    • RwCompIntfcKey: Name of the component interface used for create and update operations, that is, USER_PROFILE_8_4X.
    • XML Mapping: Enter the path to the PeopleSoft Component Interface map definition file. This file contains the definitions used by the connector for various operations.
    • Path to read Files: Path of the user_profile data file.
    • Object Classes: Supported object classes, for example:
        __CURRENCYCODE__=currencycodes.properties
        __LANGUAGECODE__=language.properties
        __PERMISSIONLIST__=permission.properties
        __ROLES__=roles.properties
        __ACCOUNT__= /psftuserfile
    • Data Node Names: Name of the node in the XML files to run a transaction. Default value: Transaction. You must not change the default value.
    • Ignore root audit action: Use this value if the Root PSCAMA audit action is required to be considered while parsing the XML message. By default its value is NO.
      Use Yes if PSCAMA Audit Action is not taken into account. Here, the Root Audit Action is considered as a Change event.
      Use No if PSCAMA Audit Action is taken into account. If Root PSCAMA Audit Action is NULL or Empty, then the Root Audit Action is considered as an ADD event.
    • Target Date Format: Format of the Date type data in the XML file and messages, that is, yyyy-MM-dd.
  8. Click Test Connectivity to verify the connection with the Oracle PeopleSoft app. Oracle Identity Cloud Service displays a confirmation message.

  9. To view predefined attribute mappings between the users in Oracle Identity Cloud Service and users in Oracle PeopleSoft, click Attribute Mapping, and then click OK.

  10. Use the following table to see the default attribute mappings when users are provisioned from Oracle Identity Cloud Service to Oracle PeopleSoft.

    | Oracle Identity Cloud Service User | Oracle PeopleSoft User |
    |---|---|
    | $(user.userName) | Name |
    | $(user.emails[primary=true].value) | emailAddress |
    | $(user.active) | active |
  11. To add a new attribute mapping, click Add Row, specify the attributes in the User and Oracle PeopleSoft - User Management Account columns, and then click OK. For example, if you want to add the External ID user attribute, then enter $(user.externalId) in the User column, and then select the corresponding Oracle E-Business User field from the drop-down list in the Oracle PeopleSoft - User Management Account column.

  12. Specify the provisioning operations that you want to enable for Oracle PeopleSoft Suite:
    • Create Account: Automatically creates an Oracle PeopleSoft account when Oracle PeopleSoft access is granted to the corresponding user in Oracle Identity Cloud Service.
    • Update Account: Automatically updates an Oracle PeopleSoft account when the corresponding user is updated in Oracle Identity Cloud Service.
    • De-activate Account: Automatically activates or deactivates the Oracle PeopleSoft account when the corresponding user is activated or deactivated in Oracle Identity Cloud Service.
    • Delete Account: Automatically revokes an account from Oracle PeopleSoft when Oracle PeopleSoft access is revoked from the corresponding user in Oracle Identity Cloud Service.
  13. Turn on the Enable Synchronization switch.

  14. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from Oracle PeopleSoft Suite:
    • Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.
    • User Name: User name of the Oracle Identity Cloud Service user.

    Note: By default, the Primary Email Address option is selected from the drop-down list. Leave this default attribute for accurate synchronization of user records.
  15. To match an Oracle PeopleSoft account attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list. Note: By default, the name option is selected. This option represents the Email attribute of the Oracle PeopleSoft account. Don't change this default option.

  16. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:
    • Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service user based on the defined User Identifier and Application Identifier fields.
    • Link but do not confirm: Automatically links all matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to confirm the linked accounts manually.
  17. In the Max. number of creates field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  18. In the Max. number of deletes field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.

  19. To specify a schedule for the synchronization, from the Synchronization Schedule drop-down list, select Never, Every Hour, Every Day, or Every Week. You can manage Oracle E-Business Suite user accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see Manage Oracle Identity Cloud Service Users and Manage Oracle Identity Cloud Service Groups.

  20. Click Save, Activate, and then, in the Confirmation window, click OK. Oracle Identity Cloud Service displays a confirmation message.
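The Ignore root audit action rule from the connectivity table in step 7, written out as an added Python example (not Oracle's connector code) that classifies the root event of one message. Only the Transaction node name and the Yes/No rule come from the table; the message layout, the PSCAMA/AUDIT_ACTN element path, the A/C/D letters and the sample user are assumptions, and the messages are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed audit-action letters; the page does not list the PSCAMA values.
ASSUMED_CODES = {"A": "ADD", "C": "CHANGE", "D": "DELETE"}


def constructed_message(code):
    """Build a constructed sample message (layout is an assumption)."""
    return (
        "<USER_PROFILE><MsgData><Transaction>"
        "<PSOPRDEFN><OPRID>JDOE</OPRID></PSOPRDEFN>"
        f"<PSCAMA><AUDIT_ACTN>{code}</AUDIT_ACTN></PSCAMA>"
        "</Transaction></MsgData></USER_PROFILE>"
    )


def root_audit_event(message_xml, ignore_root_audit_action="No",
                     data_node="Transaction"):
    """Return the root event for one message under the table's rule."""
    setting = ignore_root_audit_action.strip().lower()
    if setting not in ("yes", "no"):
        raise ValueError("Ignore root audit action must be Yes or No")

    # Inline constructed input only; use a hardened parser such as
    # defusedxml for messages that arrive over the network.
    root = ET.fromstring(message_xml)
    node = root if root.tag == data_node else root.find(f".//{data_node}")
    if node is None:
        raise ValueError(f"no <{data_node}> node in message")

    if setting == "yes":
        # PSCAMA is not taken into account: always a Change event.
        return "CHANGE"

    # Root PSCAMA is the one directly under the data node.
    code = (node.findtext("PSCAMA/AUDIT_ACTN") or "").strip()
    if not code:
        # NULL or empty root audit action is treated as an ADD event.
        return "ADD"
    return ASSUMED_CODES.get(code.upper(), f"OTHER({code})")


if __name__ == "__main__":
    for code in ("A", "C", "D", ""):
        for setting in ("No", "Yes"):
            event = root_audit_event(constructed_message(code), setting)
            print(f"AUDIT_ACTN={code!r:4} ignore={setting:3} -> {event}")
```

With the setting at Yes, a message whose root audit action marks a delete is still classified as a Change event, which is worth checking against the deprovisioning behavior you expect before changing the default.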

Synchronize Data from Oracle PeopleSoft to Oracle Identity Cloud Service

In this section, you synchronize user accounts from Oracle PeopleSoft and link them to the corresponding Oracle Identity Cloud Service users. You also synchronize roles and permission lists for the accounts from Oracle PeopleSoft to Oracle Identity Cloud Service.

  1. In the Oracle PeopleSoft app that you added in Prerequisite Steps, click the Import tab.

  2. Click the Import button. If this button is grayed out, then click the Provisioning tab and verify that both Enable Provisioning and Enable Synchronization are turned on, and that the Oracle PeopleSoft Suite app is activated.

  3. Verify that you see a status of Running for the job that Oracle Identity Cloud Service uses to synchronize users and roles from Oracle PeopleSoft Suite. After all users and roles are synchronized, the Import tab lists the Oracle PeopleSoft user accounts and the job status changes to Success.

    If you don't see the status change after a few minutes, then click Refresh. Also, if the status of the job is Failed, then an error occurred while the Provisioning Bridge was transferring users and roles from Oracle PeopleSoft Suite to Oracle Identity Cloud Service.

  4. Oracle Identity Cloud Service tries to match each Oracle PeopleSoft Suite user account with an existing user in Oracle Identity Cloud Service. If a user exists, then the user is assigned to the Oracle PeopleSoft Suite app. If the user doesn't exist, then from the Actions column of the Import tab, you can perform one of the following actions:
    • Assign Existing User: Assign the Oracle PeopleSoft user account to any user in Oracle Identity Cloud Service.
    • Create New User and Link: Add a new user to Oracle Identity Cloud Service, and then assign the Oracle PeopleSoft user account to this newly created user.

Provision and Synchronize a User's Roles and Permission Lists

Use Oracle Identity Cloud Service to provision Oracle PeopleSoft roles and permission lists for a user that you synchronized from Oracle PeopleSoft. Then, assign additional roles and permission lists for the user in Oracle PeopleSoft, and synchronize these roles and permission lists into Oracle Identity Cloud Service. The state of the user's roles and permission lists is synchronized between Oracle PeopleSoft and Oracle Identity Cloud Service.

  1. In the Oracle PeopleSoft app that you added, click the Users tab.

  2. Click the Action menu to the right of the user to whom you want to provision roles and permission lists, and then select Edit from the menu that appears.

  3. In the Assign Application window:

    a. Click the Roles field, and then select a role that you want to provision to the user.

    b. Click the Permission List field, and then select a responsibility for the user.

    c. Click Save.

    Note: By clicking Save, Oracle Identity Cloud Service provisions the user with the role and responsibility you selected.

  4. Access the Oracle PeopleSoft console as an administrator.

  5. From the Navigation Drawer of the console, click User Management, and then click Users. The Users page appears.

  6. In the User Name field, enter the user name of the Oracle PeopleSoft user to whom you provisioned a role and responsibility, and then click Go.

    Tip: Instead of entering the full user name, you can enter part of the user name, and then enter % as a wildcard character.

  7. Click the Update icon to the right of the user name.

  8. Verify that in the Roles tab of the Users page, the role and responsibility that you provisioned for the user appear.

    Both the role and responsibility have a status of Assigned.

  9. Click Assign Roles.

  10. In the Search and Select: Assign Roles window:

    a. Enter the name of the role or permission list that you want to assign to the user, and then click Go.

    b. Select the check box to the left of the role and permission list, and then click Select.

  11. In the Justification field of the Roles tab, enter a reason why the user is to have access to the role or responsibility, click Save, and then click Apply.

  12. In the Identity Cloud Service console, click the Import tab of the Oracle E-Business Suite app.

  13. Click the Import button.

  14. Verify that you see a status of Running for the job that Oracle Identity Cloud Service uses to synchronize users, roles, and responsibilities from Oracle PeopleSoft.

  15. After the status of the job changes from Running to Success, click the Users tab, click the Action menu to the right of the user that you synchronized a role or responsibility from Oracle E-Business Suite, and then select Edit from the menu that appears. Note: If you don't see the job status change to Success after a few minutes, then click Refresh.

  16. In the Assign Application window, verify that you see the role or responsibility that you assigned to the user in Oracle E-Business Suite.

    The state of the user's roles and responsibilities is synchronized between Oracle E-Business Suite and Oracle Identity Cloud Service.

  17. Close the Assign Application window.

Revoke a User's Roles and Permission List

Use both Oracle Identity Cloud Service and Oracle PeopleSoft to revoke the roles and permission lists of an Oracle PeopleSoft user.

  1. In the Oracle PeopleSoft app that you added, click the Action menu to the right of the user whose roles and permission lists you want to revoke, and then select Edit from the menu that appears.

  2. In the Assign Application window, click the X button for the role and responsibility that you want to revoke from the user, and then click Save.

    By clicking Save, Oracle Identity Cloud Service revokes the role and responsibility from the user.

  3. In the Users page of the Oracle PeopleSoft console, use the User Name field to enter the user name of the Oracle PeopleSoft user from whom you revoked the role and responsibility, and then click Go.

  4. Click the Update icon to the right of the user name.

  5. Verify that in the Roles tab of the Users page, the status of both the role and responsibility that you revoked for the user has changed from Assigned to Inactive.

    In Oracle E-Business Suite, revoking the access that a user has to a role or responsibility doesn't remove the role or responsibility from the console. This is done for auditing and compliance purposes.

  6. Click the caret to expand the role or responsibility that still has a status of Assigned.

  7. In the Active To field, enter today's date, click Save, and then click Apply.

    By entering today's date in the Active To field, you're revoking the access that the user has to the role or responsibility.

  8. In the Identity Cloud Service console, click the Import tab of the Oracle E-Business Suite app.

  9. Click the Import button.

  10. Verify that you see a status of Running for the synchronization job.

  11. After the status of the job changes from Running to Success, click the Users tab, click the Action menu to the right of the user that you revoked a role or responsibility from Oracle E-Business Suite, and then select Edit from the menu that appears.

    If you don't see the job status change to Success after a few minutes, then click Refresh.

  12. In the Assign Application window, verify that you no longer see the role or responsibility that you revoked from the user in Oracle E-Business Suite.

    The state of the revocation of the user's roles and responsibilities is synchronized between Oracle E-Business Suite and Oracle Identity Cloud Service.

  13. Close the Assign Application window.

Revoke a User

Use Oracle Identity Cloud Service to revoke a user's access to Oracle PeopleSoft, and then verify in Oracle PeopleSoft that the user's access is revoked.

  1. In the Oracle PeopleSoft app that you added, select the check box to the right of the user that you want to revoke from Oracle PeopleSoft, and then click Revoke.

  2. In the Confirmation window, click OK.

  3. In the Users page of the Oracle PeopleSoft console, use the User Name field to enter the user name of the Oracle PeopleSoft user whose access you revoked, and then click Go.

  4. Verify that the user's status is Inactive.

Troubleshooting

Use this section to locate solutions to common integration issues.

For any issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.