User Account Attribute Mapping
After you install and configure the bridge, map the user account attributes between Oracle Applications Cloud and Microsoft Active Directory. Only when the mapping is complete, you can initiate the initial synchronization of users between the source and target applications.
Don't use Active Directory Bridge with SSO Chooser enabled, as it will cause synchronization issues. If you sign in to Oracle Applications Cloud locally and create new users, they won't reflect in the Active Directory after synchronization.
Map the following user attributes:
-
User account attributes
-
Advanced user account attributes
-
Group attributes
Mapping User Attributes
The following attributes of an Oracle Fusion Applications user account are mapped to the corresponding attributes of an Active Directory user account:
-
displayName
: Display name of the user account -
emails.value
: Primary email associated with the user account -
name.familyName
: Last name of the user -
name.givenName
: First name of the user -
userName
: User name associated with the user account
During synchronization, the attribute values from the source are copied to the mapped target attributes. Some Active Directory attributes have size restrictions. For example, length of the sAMAccountName attribute is limited to 20 characters when used as a user attribute and can be up to 64 characters when used to name groups. Synchronization will fail if the user name has a larger value than the Active Directory attribute configured.
The following table lists a typical mapping of attributes when Oracle Fusion Application is the source.
Oracle Cloud Application as Source |
Microsoft Active Directory as Target |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The following table lists a typical mapping of attributes when Microsoft Active Directory is the source.
Microsoft Active Directory as Source |
Oracle Cloud Applications as Target |
---|---|
|
|
|
|
|
|
|
|
|
|
On the Security Console, click Administration > Bridge for Active Directory tab > User Attribute Mappings. Click Add to add or update the mapping between attributes of the source and target applications.
Mapping Advanced Attributes
Use this option when Active Directory is the source. Select Synchronize User Status to enable the account status, such as Disabled, to propagate to Oracle Applications Cloud.