13User Management

This chapter contains the following:

Overview of Managing Users

This chapter describes user management tasks you have to perform on an on-going basis. These tasks include:

  • Resetting passwords for users

  • Assigning different resource roles to users when they change jobs within the organization or are promoted

  • Terminating user accounts when users leave the organization

  • Acting as a proxy for users so you can troubleshoot issues

Note: Users can request new passwords by selecting the Forgot Password link on the application Sign In page, or by selecting the Password option on the Preferences page (Settings and Actions > Set Preferences).

This chapter describes how to perform these and other user management tasks using the sales application UI. However, you can also use file import functionality to perform user management tasks such as:

  • Making changes to employee resource information, for example, name or e-mail address

  • Enabling or disabling user accounts

  • Making promotion, demotion, or transfer updates for an employee resource

For additional information, see the chapter about importing employee resources in the guide Understanding File-Based Data Import and Export at http://docs.oracle.com.

Reset Passwords for Users

Setup users, who are provisioned with the IT Security Manager job role, can use the Users tab in the Security Console work area to reset passwords for all application users.

Note: Users who cannot access the Security Console can only reset their own passwords by clicking the Set Preferences link in the Settings and Actions menu (available by clicking your user name) or by using Forgot Password on the sign-in page.

To reset a user's password in the Security Console:

  1. In the Setup and Maintenance work area, go to the following:

    • Offering: Sales

    • Functional Area: Users and Security

    • Task: Manage Applications Security Preferences

  2. In the Security Console, you can ignore and close any warnings regarding the scheduling of the Import Users and Roles Application Security Data job.

  3. Click the Users tab.

  4. On the User Accounts page, search for the user using one of the following:

    • First or last name, but not both

    • User name

  5. From the Action menu for the user, select Reset Password.

    The Reset Password window is displayed.

  6. If you want the application to send an email to users with a link that they can use to create their own passwords, then select the Automatically generate password option.

  7. To reset the password yourself, do the following:

    1. Select the Manually change the password option.

    2. Enter the new password twice.

    Note: The option to reset a password to an automatically generated value is always available. To enable the manual-reset option, you must select the option Administrator can manually reset password on the Password Policy subtab of the User Categories page on the Security Console.
  8. Click Reset Password.

Change a User's Email Address

Use the Users tab in the Security Console work area to change email addresses for sales users. If you're updating their email addresses, then you can also use the same import process you use to create them.

Note: This procedure may not work for changing email addresses of users external to the sales organization, such as partners. Check the appropriate documentation.
  1. Navigate to the Security Console.

  2. Click the Users tab.

  3. Search for the user using one of the following:

    • First or last name, but not both

    • User name

  4. Click the user name link.

  5. On the User Account Details window, click Edit.

  6. In the Edit User Account window, edit the email address.

    Note: Don't edit any of the other information available on the Edit User Account page. Use the Manage Users task instead.
  7. Click Save and Close.

Change User Names

User names are automatically generated in the enterprise default format when you create a new user if you don't manually specify a user name. The default format is the user's email address, but this value can be overridden for the enterprise. For example, you might choose to use first name.last name as the default format. You can also manually override an individual user's existing user name as described in this topic.

Existing User Names

To change an existing user name, sign in to the application as a setup user, then perform the following steps:

  1. Select Navigator > My Team > Users and Roles to open the Search Person page.

    You can also search for the Manage Users task in the Setup and Maintenance work area.

  2. Search for and select the user whose user name you want to change.

    The Edit User page for the user opens.

  3. In the User Details region, enter the new user name in the User Name field.

    You can enter the user name in any format you choose.

  4. Click Save and Close.

    The updated name is sent automatically to your LDAP directory server.

Tip: When you change an existing user name on the Edit User page, the user's password and roles remain the same. However, the user doesn't receive an automatic notification of the change. Therefore, it's recommended that you send details of the updated user name directly to the user.

Change User Resource Roles When Job Assignments Change

If an employee takes on a different role within the company, for example, if the employee is promoted, then you must update the resource role assigned to the employee. Changing the resource role assigned to an employee involves the following steps:

  • Assigning the user a new resource role that corresponds to the new assignment, for example, Sales Manager.

  • Setting an end date for the old resource role, for example, Salesperson.

If the employee's new role also involves a change in the user's resource organization, for example, if the user is promoted to a management role from a non-management role, you must also change the user's organization membership.

You can make changes to role assignments using either file import functionality or using the Sales UI. Although importing changes takes care of many tasks that you have to perform manually in the UI, if you are updating resource role information for an individual user, then using the UI can be more efficient.

The following procedure describes how to update role information in the UI for a user who is promoted from a sales representative role to a sales manager role.

  1. Sign in to the application as the sales administrator or as a setup user.

  2. Select Navigator > My Team > Users and Roles to open the Search Person page.

  3. Search for and select the user who is being promoted. The Edit User page for the user opens.

  4. In the Resource Information region, do the following:

    1. In the Resource Role field, add the new resource role for the user, for example, Sales Manager.

    2. In the Reporting Manager field, update the user's manager.

    3. In the Organization field, specify the user's resource organization.

      You must create a resource organization for every manager in your Sales organization. If you haven't created a resource organization for the new manager, then you can create one by clicking the Create link from the end of the Organization list. The Create Organization dialog box is displayed allowing you to enter a new organization name.

    4. To automatically provision any roles provided by the new resource role you just assigned the user, click the Autoprovision Roles button in the Resource Information section.

    5. Click Save and Close.

  5. Set an end date for the user's old resource role as follows:

    1. Form the Navigator menu, select Directory > Resource Directory.

    2. In the Tasks area of the Resource Directory page, select View Resources.

    3. On the View Resources page, search for and select the user.

      The Resource page for the user opens.

      Note that the user is assigned the new resource organization you previously created.

    4. Click the Roles tab, and in the Roles list, select the current role assigned to the user, for example, Salesperson, and enter an end date in the To Date field.

      The value you enter is the date the user's assignment in the current role ends.

    5. Click Save and Close.

Note: When you promote a user from one management position to another, for example, from a Sales Manager role to a Sales VP role, then the resource hierarchy is maintained provided that the promoted user's resource organization does not change. That is, any users who reported to the Sales Manager continue to report to the same individual when he or she is promoted to the Sales VP role. If the promoted user's resource organization does change upon the promotion, the user's reports must be reassigned to a new manager.

Terminate User Accounts

This topic describes how to terminate a user account when an employee leaves your company. You cannot delete a sales user account using the Security Console. However, when an employee leaves your company, you can suspend the user account by completing the following steps in the Manage Users and Manage Resources work areas:

  1. Perform either one of the following tasks:

    • Inactivate the user's account.

    • Remove the user's roles.

  2. Set an end date for the resource.

The process outlined in this topic applies if you are using only Oracle Engagement Cloud. If your company uses Oracle HCM Cloud along with Oracle Engagement Cloud, then a different process applies.

Note: When you deactivate a user account, the user record is not deleted from the application. You can still view a deactivated user's record in the Manage Users work area.

Inactivating a User Account

When an employee leaves your company, in most cases it is recommended that you inactivate the user account. Inactivating the user's account prevents the user from being able to log in to the application.

To inactivate a user account, perform the following steps:

  1. Select Navigator > My Team > Users and Roles to open the Search Person page.

  2. On the Search Person page, search for and select the user whose account you want to inactivate. The Edit User page for the user opens.

  3. In the User Details section, in the Active field, select Inactive.

  4. Click Save and Close.

Removing Roles from a User

Instead of inactivating the user account, you can remove some or all of the roles assigned to the user. You might want to do this if you want to keep some roles active. For example, maybe you want to keep the user account valid to allow the user access to specific pages you have created.

To selectively remove roles from a user, perform the following steps:

  1. Navigate to the Search Person page as described in the previous task.

  2. Search for and select the user whose roles you want to remove.

    The Edit User page for the user opens.

  3. In the Current Roles section, select the role you want to remove, then click the Remove icon. Repeat this process for each role assigned to the user that you want to remove.

  4. Click Save and Close.

Setting an End Date for the Resource

After you have either inactivated a user account or removed the roles assigned to a user account, you must set an end date for the resource (user) as described in this topic.

Note: You can also set the end date for an employee in the Resource Directory which you can access from the Navigator menu.

To set the end date for a user, perform the following steps:

  1. In the Setup and Maintenance work area, go to the following:

    • Offering: Sales

    • Functional Area: Users and Security

    • Task: Manage Resources

  2. On the Manage Resources page, search for and select the resource you want to edit. The Resource page for the individual opens.

  3. With the Organization tab selected, select the Edit option from the Actions menu.

    The Edit Organization Membership page opens.

  4. In the To Date field, enter the date the individual is leaving the company.

  5. Click Save and Close.

When the end date you specify for a resource arrives, the following occurs:

  • The terminated employee is no longer available in the application so can no longer be newly associated with any Sales objects, such as sales account, territory, lead, and opportunity. The user's association with Sales objects made before the end date are not automatically removed but you can remove them manually.

  • Resource roles for the individual are deprovisioned.

  • If the terminated individual had any reports, they are reassigned to his or her manager.

FAQs for Terminating Users

How are the records of a terminated employee reassigned?

After you terminate an employee in the application, the assignment process automatically excludes the terminated user when it runs again. However, you have to manually handle other reassignments, for example, replacing the terminated user with another user on the territory team or sales account team. For specific types of records, such as lead records or opportunity records, you can also use the Mass Transfer tool to transfer records from a terminated resource to another resource.

Can I reactivate a terminated employee record?

Yes. After you have specified an end date for a resource, you can't reverse it in the sales application. However, the former employee's record remains in the application so you can again identify that person as a resource if the person is rehired. After identifying the person, you must assign roles and an organization again.

How can I notify users of their user names and passwords?

You can run the Send User Name and Password Email Notifications process in the Scheduled Processes work area. For users for whom you haven't so far requested an email, this process sends out user names and reset-password links. The email goes to the work email of the user or the user's line manager. You can send the user name and password once only to any user. A notification template for this event must exist and be enabled.

Impersonation and Proxy Users

Privileges Required by Proxy Users

The impersonation functionality in the sales application allows you to designate another user as a proxy to sign in to the application and perform tasks on your behalf. For example, a channel manager might want to log into the Partner Portal as a partner user to resolve a query relating to the UI pages or data.

Channel managers do not require a partner user's permission to impersonate the partner user. To implement impersonation in all other cases, however:

  • The user must explicitly designate another user as his or her proxy.

  • The designated user must have the privileges required to act as a proxy.

Impersonate User Privilege

You can select a user to act as your proxy only if the user has the privilege required to be a proxy, that is, the Impersonate User privilege. The following job roles are assigned the Impersonate User privilege by default; therefore, users assigned these job roles can act as proxies for other users:

  • Channel Account Manager

  • Channel Operations Manager

You can enable other groups of users to act as proxies by creating a copy of the job role assigned to the users and adding the Impersonate User privilege to the copied custom role.

Note: When deciding whether or not to assign the Impersonate User privilege to an additional job role, be aware that a proxy user can access all the same data and tasks as the user they impersonate.

Configure Impersonation Auditing

The impersonation functionality allows users to temporarily designate another user as a proxy to sign in to the application on their behalf. A proxy user has the same privileges as the impersonated user and has access to all of the impersonated user's personal data. By default, therefore, auditing of proxy user sessions is enabled, even when auditing is disabled for the application. An audit record tracks the user name of the proxy and any transactions performed.

Auditing of proxy sessions is recommended but, if appropriate for your environment, you can disable impersonation auditing by changing the default value of the site-level profile option Audit Impersonation Transaction Enabled.

Note: A number of database tables aren't enabled for impersonation transaction auditing. If impersonation auditing is enabled, proxy users can't save transactions that result in changes to the data in those tables. If the administrator disables impersonation auditing using the Audit Impersonation Transaction Enabled profile option, proxy users can change the data in any tables, whether or not the tables are enabled for impersonation auditing.

For additional information about auditing in the sales application, including information about the objects that can be enabled for auditing, see the Implementing Sales guide on Oracle Help Center at http://docs.oracle.com/.

Configuring Impersonation Auditing

The following procedure describes how to enable or disable impersonation auditing functionality by changing the value of the Audit Impersonation Transaction Enabled profile option.

  1. In the Setup and Maintenance work area, go to the following:

    • Offering: Sales

    • Functional Area: Sales Foundation

    • Task: Manage Administrator Profile Values

  2. On the Manage Administrator Profile Values page, in the Search: Profile Option section, enter Audit Impersonation Transaction Enabled in the Profile Display Name field.

  3. Click Search.

  4. In the Search Results list, select FND_AUDIT_IMPERSONATION_TRANSACTIONS.

  5. In the FND_AUDIT_IMPERSONATION_TRANSACTIONS: Profile Values section, select the Site Profile level and et the value of the Profile Value field to either Yes or No.

  6. Click Save and Close.