Prepare Oracle Applications Cloud to Connect with Microsoft Active Directory

Follow this procedure to configure the Bridge for Microsoft Active Directory. Sign in to the Oracle Applications Cloud environment as an administrator with the IT Security Manager (ORA_FND_IT_SECURITY_MANAGER_JOB) role.

  1. Click Navigator > Tools > Security Console.

  2. On the Administration page, click the Bridge for Active Directory tab.

  3. Click Configuration.

  4. Expand the Base Configuration section and provide the following details:

    | Field | Description |
    | --- | --- |
    | Source of Truth | Select the source, such as Oracle Fusion Applications or Active Directory. |
    | Synchronization Interval (Hours) | Enter the time interval (in hours) that the bridge uses to begin synchronization automatically. The default value is 1 hour. |
    | Synchronization Paging Size | Enter the number of accounts that are synchronized in a single operation. The default value is 100 records. |
    | Synchronization Error Threshold | Enter the maximum number of errors that can occur during synchronization. When the limit is reached, synchronization fails and stops. By default, synchronization stops after 50 errors have occurred. |
    | Scheduler | Specify whether you want to automatically schedule synchronizations. If enabled, the synchronizations will run automatically as per the specified schedule and interval. |
    | Role Integration | Specify whether you want to use role integration. It is applicable when Active Directory is the source. When enabled, the synchronization will read groups the users are directly or indirectly assigned to in Active Directory. If a user has been assigned to or removed from a group of the group mapping, the corresponding user in Oracle Applications Cloud will be added to or removed from the corresponding mapped role in Oracle Applications Cloud. |
    | Reset APPID Password | Enter a new password. During synchronization, this password is used by the bridge to connect to Oracle Applications Cloud. |

  5. Expand the Logging Configuration section and provide the following details:

    | Field | Description |
    | --- | --- |
    | File Name | Enter the name of the log file. This file is created in the Active Directory folder on the computer where the Active Directory bridge is installed. The default value is ad_fa_synch.log. |
    | Log Level | Specify the level at which messages must be logged during synchronization. The default level is set to Information. |
    | Maximum Log Size | Specify the maximum size of the log file. The default value is 4 GB. When the maximum size is reached, a new log file is created. |

  6. Expand the Active Directory Configuration section and provide the following details. The bridge uses this information to connect to the Active Directory server.

    | Field | Description |
    | --- | --- |
    | Host | Enter the host address of the Active Directory server. |
    | Port | Enter the port of the Active Directory server. The default non-SSL port is 389. |
    | Enable SSL | Select this option for secure communication with the Active Directory server. When you select this option, the default port changes to 636. |
    | Synchronization Strategy | Select the algorithm that must be used for synchronization. You can select Directory Synchronization or Update Sequence Number. The default value is Directory Synchronization. Note: If you change the sequence number after the initial configuration, the synchronization process resets. |
    | User Base DN | Enter the distinguished name of the location in your Active Directory where the user accounts are created or retrieved by the bridge. |
    | Search Base | Enter the same value as the User Base DN. |
    | User Search Filter | Enter the LDAP query that's used by the bridge to retrieve the user account objects from the Active Directory. For example, (&(objectClass=user)(!(objectClass=computer))). |
    | Group Base DN | Enter the distinguished name of the location in your Active Directory from where the bridge fetches the groups. Note: This field is applicable only when Active Directory is the source. |
    | Group Search Filter | Enter the LDAP query that's used to fetch roles from your Active Directory server. For example, (objectClass=group). Note: This field is applicable only when Active Directory is the source. |

  7. Expand the Network Proxy Configuration section and provide the details.

    Note: Provide these details only when Active Directory is the source, and the bridge uses a proxy to connect to the Active Directory server.

    | Field | Description |
    | --- | --- |
    | Enable Proxy Settings | Select this option to enable communication through a proxy between Oracle Applications Cloud and your Active Directory bridge. Use this option when you need to connect from an isolated network host. |
    | Host | Enter a host name and address for the proxy. |
    | Port | Enter a port for the proxy. |
    | Enable SSL | Select this option for secure communication with the proxy. |

  8. Expand the Heartbeat section and update the following details.

    | Field | Description |
    | --- | --- |
    | Heartbeat Interval | Enter the time interval, in seconds, at which heartbeat notifications are sent from the bridge to Oracle Applications Cloud to signal that the bridge is active. It is set to 60 seconds by default. |

  9. Click Save and click OK.
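
Added example (not part of Oracle's documentation or the bridge's code): a small Python evaluator for the subset of LDAP filter syntax used by the User Search Filter and Group Search Filter in step 6, run against constructed directory entries. It shows why the example user filter excludes objectClass=computer: in Active Directory, computer accounts also carry objectClass=user. The DNs, entries and function names are assumptions made for illustration.

```python
import re

# Constructed sample data, DN -> objectClass values (not from a real directory).
# Assumption illustrated: AD computer accounts also carry objectClass=user.
USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = {
    "CN=Ana Ruiz,OU=Staff,DC=example,DC=com": USER,
    "CN=WKSTN01,CN=Computers,DC=example,DC=com": USER + ["computer"],
    "CN=Finance,OU=Groups,DC=example,DC=com": ["top", "group"],
}

TOKEN = re.compile(r"\(([&|!])|\(([^()=]+)=([^()]*)\)|\)")

def parse(text):
    """Parse a subset of RFC 4515: &, |, ! and attr=value / attr=* items."""
    pos = 0
    def node():
        nonlocal pos
        m = TOKEN.match(text, pos)
        if not m or m.group(0) == ")":
            raise ValueError(f"malformed filter at offset {pos}")
        pos = m.end()
        if m.group(1):                        # composite: (&...), (|...), (!...)
            kids = []
            while not text.startswith(")", pos):
                kids.append(node())
            pos += 1                          # consume the closing ")"
            if not kids or (m.group(1) == "!" and len(kids) != 1):
                raise ValueError("wrong number of operands")
            return (m.group(1), kids)
        return ("=", m.group(2).strip().lower(), m.group(3))
    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, attrs):
    """Evaluate a parsed filter against one entry's attributes (lowercase keys)."""
    op = tree[0]
    if op == "!":
        return not matches(tree[1][0], attrs)
    if op in ("&", "|"):
        combine = all if op == "&" else any
        return combine(matches(kid, attrs) for kid in tree[1])
    values = [v.lower() for v in attrs.get(tree[1], [])]
    return bool(values) if tree[2] == "*" else tree[2].lower() in values

def search(filter_text, entries=ENTRIES):
    tree = parse(filter_text)
    return [dn for dn, oc in entries.items() if matches(tree, {"objectclass": oc})]
```

With the bare filter (objectClass=user), the constructed workstation account is returned alongside the person account, so it would be in scope for synchronization; the page's example filter returns only the person account.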