- Title and Copyright Information
- Get Help
- 1 An Introduction to HCM Security in the Cloud
- 2 Creating Implementation Users
- 3 Creating HCM Data Roles for Implementation Users
- Overview of HCM Data Roles for Implementation Users
- Create the HRAnalyst_ViewAll Data Role
- Create the HCMApplicationAdministrator_ViewAll Data Role
- Create the HRSpecialist_ViewAll Data Role
- Create the HCMIntegrationSpecialist_ViewAll Data Role
- Create HCM Data Roles for Workforce Compensation Implementation Users
- Create HCM Data Roles for Global Payroll Implementation Users
- 4 Enabling Basic Data Access for Abstract Roles
- 5 Assigning Roles to Implementation Users
- 6 Setting Up Applications Security
- Overview of Applications Security Setup Tasks
- User-Name Formats
- Password Policy
- Configure a Custom Password Policy
- Enable Multifactor Authentication
- Role Preferences
- User Categories
- Add Users to a User Category
- User-Name and Password Notifications
- How can I enable notifications for pending workers?
- Why don't I see my user name in the forgot password email notification?
- Why don't I see my user name in the forgot user name email notification?
- Create a Notification Template
- Schedule the Import User and Role Application Security Data Process
- Schedule the Import User Login History Process
- Why You Should Run the Send Pending LDAP Requests Process
- Schedule the Send Pending LDAP Requests Process
- Retrieve Latest LDAP Changes
- 7 Managing Location-Based Access
- Overview of Location-Based Access
- How Location-Based Access Works
- Enable and Disable Location-Based Access
- Examples of Location-Based Access in Oracle HCM Cloud
- FAQs for Managing Location-Based Access
- 8 Single Sign-On
- Oracle Applications Cloud as the Single Sign-On (SSO) Service Provider
- Configure Single Sign-On
- FAQs for Single Sign-On
- Does the service provider store user passwords?
- Can I set up an identity provider without enabling it?
- How can I allow my users to sign in using their company's credentials?
- What should I do to extend the validity of certificates provided by the identity provider?
- How can the identity provider obtain renewed certificates from the service provider?
- How can I disable Single Sign-On when I am not signed in to the application?
- What are the different events and notifications associated with the Single Sign-On functionality?
- 9 API Authentication
- Configure Inbound Authentication
- Configure Outbound API Authentication Using JWT Custom Claims
- Configure Outbound API Authentication Using Three Legged OAuth Authorization Protocol
- Enable OAuth Three-Legged Authentication for Creating External Client Application
- Is there a recommended format for the public certificate?
- 10 Export and Import of Security Setup Data
- 11 Preparing for Application Users
- Overview of Preparing for HCM Application Users
- User and Role-Provisioning Setup Options
- User Account Creation Option
- User Account Role Provisioning Option
- User Account Maintenance Option
- User Account Creation for Terminated Workers Option
- Set the User and Role Provisioning Options
- Provision Abstract Roles to Users Automatically
- FAQs for Preparing for Application Users
- 12 Creating Application Users
- 13 Managing Application Users
- Manage HCM User Accounts
- User Names
- Why You Send Personal Data to Identity Store
- How You Manage an Incomplete Request for an HCM User Account
- Link an Existing User Account to a Person Record
- How User Accounts Are Suspended
- How You Manage Application Users on the Security Console
- Create a Custom Role with Limited Access
- Get User Sign-in Sign-out Information
- Provide Read-Only Access
- FAQs for Managing Application Users
- What happens when I autoprovision roles for a user?
- Why did some roles appear automatically?
- Why is the user losing roles automatically?
- Why can't I see the roles that I want to assign to a user?
- What happens if I deprovision a role from a user?
- What's a delegated role?
- What happens if I revoke user access from a person with multiple active work relationships?
- Why does this worker have no user account?
- What happens when I link a user account?
- What happens if I edit a user name?
- What happens when I copy personal data to Identity Store?
- What happens if I send the user name and password?
- What happens if I reset a user's password?
- How can I notify users of their user names and passwords?
- 14 Provisioning Roles to Application Users
- Role Mappings
- Create a Role Mapping
- Examples of Role Mappings
- Role Provisioning and Deprovisioning
- Autoprovisioning
- Manage Roles in Custom OAuth Client Applications Using Application Extensions Page
- Guidelines for Editing Role Mappings
- Best Practices for User and Role Provisioning in HCM
- FAQs for Provisioning Roles to Application Users
- 15 Reporting on Application Users and Roles
- Run the User Details System Extract Report
- User Details System Extract Report Parameters
- User Details System Extract Report
- Person User Information Reports
- User History Report
- View Role Information Using Security Dashboard
- LDAP Request Information Reports
- Inactive Users Report
- User Role Membership Report
- User and Role Access Audit Report
- User Password Changes Audit Report
- View Locked Users and Unlock Users
- FAQs for Reporting on Application Users and Roles
- 16 HCM Data Roles and Security Profiles
- HCM Data Roles
- HCM Security Profiles
- Predefined HCM Security Profiles
- Create an HCM Data Role
- Best Practices for HCM Data Roles and Security Profiles
- Regenerate Security Profiles
- Role Delegation
- Configure Access to List of Proxy Users in Role Delegation
- How You Enable Delegation for a Role
- Assign Security Profiles to Job and Abstract Roles
- How You Preview HCM Data Security
- Configure HCM Data Roles and Security Profiles for Audit
- HCM Data Roles Configuration Diagnostic Test
- HCM Security Profile Configuration Diagnostic Test
- HCM Securing Objects Metadata Diagnostic Test
- FAQs for HCM Data Roles and Security Profiles
- 17 Person Security Profiles
- Guidelines for Securing Person Records
- How You Secure Person Records by Area of Responsibility
- Secure Person Records by Area of Responsibility
- Create an HCM Exclusion Rule
- Options for Securing Person Records by Manager Hierarchy
- Manager Type in Person Security Profiles
- Hierarchy Content in Person Security Profiles
- Person Type in Person Security Profiles
- Include Shared People Information in a Person Security Profile
- How You Secure Access to Candidates with Job Offers in Manage Job Offer Task
- Custom Criteria in Person Security Profiles
- Tables and Views in Custom Criteria
- FAQs for Person Security Profiles
- Can users see the contact records of the people they can access?
- What happens if a person has multiple assignments or person types?
- Can I secure access to person records by workforce structures or global name range?
- How can I exclude some records from a person security profile?
- What happens when I select the Access to own record check box?
- 18 Organization and Other Security Profiles
- How You Secure Organizations
- Guidelines for Securing Organizations
- Examples of Organization Security Profiles
- Guidelines for Securing Positions
- Hierarchy Content in Position Security Profiles
- Examples of Position Security Profiles
- Document Type Security Profiles
- Legislative Data Group Security Profiles
- Transaction Security Profiles
- Payroll Security Profiles
- Flow Security and Flow Owners
- Examples of Flow Pattern Security Profiles
- Talent Pool Security Profiles
- Create a Security Profile for Talent Pools
- FAQs for Organization and Other Security Profiles
- What's the difference between a generic organization hierarchy and a department hierarchy?
- What happens if I select an organization security profile for a generic organization hierarchy?
- What happens if I use the department or position from the user's assignment as the top department or position?
- When do I need a country security profile?
- When do I need a job requisition security profile?
- What happens if I include future objects in a security profile?
- How do I know which 'Organization hierarchy' scope to select for Area of Responsibility?
- Why doesn't 'Organization hierarchy for legal employer' appear as an option under Scope of Responsibility for position security profile?
- What Happens If I Don't Create or Map a Talent Pool Security Profile to My Data Roles?
- 19 Using the Security Console
- 20 Creating and Editing Job, Abstract, and Duty Roles
- 21 Regenerating Roles
- 22 Securing Access to Value Sets
- 23 Securing Content Sections in Person Profiles
- 24 Securing Access to Succession Plans, Incumbents, and Candidates
- 25 Securing Access to Talent Pools
- 26 Securing Access to Talent Review Meetings
- 27 Security and the Responsive User Experience
- 28 Security and Reporting
- 29 Roles for Workflow Access
- 30 Auditing Oracle HCM Cloud Business Objects
- How You Audit Oracle HCM Cloud Business Objects
- Enable Audit for Oracle HCM Cloud Business Objects
- Auditable Oracle HCM Cloud Business Objects
- Enable Audit for Oracle Platform Security Services
- Options for Enabling Access to HCM Audit Data
- Sensitive Data Access Audit
- Auditing Talent Pool Security Profiles
- 31 Certificate Management
- 32 Advanced Data Security