User Account Attribute Mapping

After you install and configure the bridge, map the user account attributes between Oracle Applications Cloud and Microsoft Active Directory. You can initiate the initial synchronization of users between the source and target applications only after the mapping is complete.

Caution: Don't use Active Directory Bridge with SSO Chooser enabled, as it will cause synchronization issues. If you sign in to Oracle Applications Cloud locally and create new users, they won't be reflected in Active Directory after synchronization.

Map the following user attributes:

  • User account attributes

  • Advanced user account attributes

  • Group attributes

Mapping User Attributes

The following attributes of an Oracle Fusion Applications user account are mapped to the corresponding attributes of an Active Directory user account:

  • displayName: Display name of the user account

  • emails.value: Primary email associated with the user account

  • name.familyName: Last name of the user

  • name.givenName: First name of the user

  • userName: User name associated with the user account

During synchronization, the attribute values from the source are copied to the mapped target attributes. Some Active Directory attributes have size restrictions. For example, the length of the sAMAccountName attribute is limited to 20 characters when used as a user attribute and can be up to 64 characters when used to name groups. Synchronization will fail if the user name is longer than the mapped Active Directory attribute allows.

The following table lists a typical mapping of attributes when Oracle Fusion Applications is the source.

Oracle Cloud Application as Source    Microsoft Active Directory as Target
----------------------------------    ------------------------------------
emails.value                          Mail
Username                              cn
displayName                           displayName
name.familyName                       sn
name.givenName                        givenName
UserName                              userPrincipalName
UserName                              sAMAccountName
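
A pre-synchronization check for the size restriction described above, as an added example that is not Oracle's code: it applies the Oracle-as-source mapping to exported user records and reports values that exceed the 20-character sAMAccountName limit or have no source value. The record shape (SCIM-style JSON with a primary flag on emails), the function names and the sample users are assumptions constructed for illustration.

```python
# Added example (not Oracle's code). Mapping rows follow the Oracle-as-source
# table on this page; the source user name is spelled userName as in the
# attribute list.
MAPPING = [
    ("emails.value", "Mail"), ("userName", "cn"),
    ("displayName", "displayName"), ("name.familyName", "sn"),
    ("name.givenName", "givenName"), ("userName", "userPrincipalName"),
    ("userName", "sAMAccountName"),
]
# Only the limit stated on this page; add others from your own AD schema.
MAX_LEN = {"sAMAccountName": 20}

def resolve(record, path):
    """Follow a dotted path; in a list, prefer the entry marked primary
    (assumed export shape), otherwise take the first entry."""
    value = record
    for key in path.split("."):
        if isinstance(value, list):
            value = next((v for v in value if v.get("primary")),
                         value[0] if value else {})
        if not isinstance(value, dict):
            return None
        value = value.get(key)
    return value

def precheck(users, limits=MAX_LEN):
    """Return (userName, target attribute, problem) for each value to fix."""
    findings = []
    for user in users:
        for source, target in MAPPING:
            value = resolve(user, source)
            limit = limits.get(target)
            if value is None:
                findings.append((user.get("userName"), target,
                                 "no value for source attribute"))
            elif limit is not None and len(value) > limit:
                findings.append((user.get("userName"), target,
                                 f"{len(value)} chars exceeds limit of {limit}"))
    return findings

# Constructed sample records, not real accounts.
USERS = [
    {"userName": "jsmith", "displayName": "John Smith",
     "name": {"familyName": "Smith", "givenName": "John"},
     "emails": [{"value": "jsmith@example.com", "primary": True}]},
    {"userName": "alexandria.montgomery@example.com", "displayName": "A. Montgomery",
     "name": {"familyName": "Montgomery", "givenName": "Alexandria"},
     "emails": [{"value": "alexandria.montgomery@example.com", "primary": True}]},
    {"userName": "svc_batch", "displayName": "Batch Service",
     "name": {"familyName": "Service", "givenName": "Batch"}, "emails": []},
]
if __name__ == "__main__":
    for finding in precheck(USERS):
        print(*finding, sep=" | ")
```

A user name that doubles as an email address is the usual way to exceed the sAMAccountName limit, so run the check against the full export before the initial synchronization.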

The following table lists a typical mapping of attributes when Microsoft Active Directory is the source.

Microsoft Active Directory as Source    Oracle Cloud Applications as Target
------------------------------------    -----------------------------------
Mail                                    emails.value
sAMAccountName                          UserName
displayName                             displayName
givenName                               name.givenName
sn                                      name.familyName

On the Security Console, click Administration > Bridge for Active Directory tab > User Attribute Mappings. Click Add to add or update the mapping between attributes of the source and target applications.

Mapping Advanced Attributes

Use this option when Active Directory is the source. Select Synchronize User Status to enable the account status, such as Disabled, to propagate to Oracle Applications Cloud.