Manage Users in the Fusion Applications Identity Domain

User synchronization between Oracle Fusion Applications and Oracle IAM identity domain is configured by default. All users created in Fusion Applications through Security Console are synchronized frequently with the IAM identity domain. This synchronization enables assigning Fusion Applications users to Fusion Applications identity domain application roles, groups, OCI service instances, and application extensions in that identity domain.

In addition to the users federated and synchronized from Fusion Applications, you can directly create users in the IAM identity domain or federate users from third-party identity providers. You can assign these users to a group and assign that group to application roles. Individual users can also be assigned to application roles. If the IAM identity domain is federated with an external IdP such as Microsoft Azure, then the list of users associated with that external IdP is also maintained in the IAM identity domain.

Caution: Although the IAM identity domain lists all users together, never edit the details of users that are synchronized from Fusion Applications or from other federated third-party identity providers because the user data may become out of sync and interfere with the user assignment.

Caution: Don't edit the groups that are synchronized from Fusion Applications.