1. Implementing Launch Experience
  2. Synchronize Roles and Privileges

Synchronize Roles and Privileges

Use this topic to synchronize the roles and privileges with Security Console.

After configuring roles and users, run the Import User and Role Application Security Data scheduled process to synchronize the changes with Security Console. If you have administrator privileges, here are the quick steps to help you get started. For more information on scheduled processes, see Import Roles and Privileges into Security Console.

  1. Go to Navigator > Tools > Scheduled Processes and then click Schedule New Process.

  2. Click Search corresponding to the Name drop-down list.

  3. Under Search and Select, enter Import Users and Role in the Name field and click Search.

  4. From the search result, select Import User and Role Application Security Data and click OK.

  5. Click OK, and then click Submit. It may take a few moments for the process to complete.

Synchronize All Users Between Launch Experience and Customer Experience Industry Framework Identity Management

To synchronize all users between Launch Experience and Industry Framework Identity Management, you need to:

  • Configure the application and define user name suffixes.

  • Test the configuration.

  • Activate the synchronization process.

To configure the application

  1. Log in to your CX Industry Framework identity domain in your Oracle Cloud Infrastructure account. You can get this link from your welcome email. If you have questions about which tenancy and domain to log in to, contact your Oracle Support team.

  2. Create a new application by selecting Applications in the navigation pane, and then click the Add application button.

  3. Select Application Catalog and then click the Launch app catalog button.

  4. Search for and select the template named Oracle Fusion Applications Release <X>, where the release is 13 or later.

  5. On the Add Oracle Fusion Applications Release screen, complete these fields:

    • Name

    • Description (optional)

    • Application icon (optional)

  6. Click Next.

  7. In the General section, complete these fields using a bogus URL that begins with http:// and ends with .com:

    • Entity ID: http://bogus-url.com

    • Assertion Consumer URL: http://bogus-url.com

  8. Under Additional configurations, complete these fields with the same URL:

    • Single Logout URL: http://bogus-url.com

    • Logout Response URL: http://bogus-url.com

  9. Click Next.

  10. Turn On Enable Provisioning and click Confirm.

  11. In the Configure connectivity section, complete the following fields:

    • Administrator Username: Enter your Fusion applications administrator credentials.

    • Administrator Password: Enter your Fusion applications administrator password.

    • Host Name: Enter the Fusion application URL hostname portion without http://. For example, myFAhostname.oraclecloud.com

    • Port Number: 443

    • SSL Enabled: Select this option.

  12. In the Provisioning Operations section, complete these fields:

    • Authoritative sync: Select this option.

    • Create account: Select this option.

    • Update account: Select this option.

    • Deactivate account: Select this option.

    • Delete account: Deselect this option

  13. Turn on Enable Synchronization.

  14. Scroll up to view the Configure Attribute Mapping section and click the Attribute mapping button.

  15. On the Attribute mapping screen select the Application to identity domain option.

  16. Locate the row with the User column value set to Federated and modify the source value in the left column to be true where it says false.

  17. Click the Save changes button, which returns you to the previous screen.

  18. In the Configure synchronization section, complete the Synchronization Schedule field with the frequency you want to use for synchronization. The recommended value is Every hour.

  19. Click Finish.

  20. When you are ready to either test the synchronization, or make the synchronization live, Click Activate and continue to the next task.

After you configure the application you need to import users and groups that you want to synchronize, and test the synchronization setup to ensure that the selected application users and groups are being synchronized to the Fusion application identity domain. When you have successfully tested the synchronization, you then activate the process using the instructions in the next task.

To test the synchronization

  1. From where you left off in the previous task, scroll down to the Resources section in the navigation panel and select Import, and then click the Import button.

  2. The message on the screen indicates that the import job has been submitted and is running. Refresh the screen until the Import status changes to Complete.

  3. Go back to the main screen for the Fusion applications identity domain to verify that users were successfully copied from Fusion applications.

  4. In the navigation pane, click Users and Groups respectively to verify:

    • Groups: Verify that the groups you expect to see are available.

    • Users: Verify that the users you expect to see are available and that they are members of the correct groups.

  5. Remove the test results by completing these steps:

    • Deactivate the application created in the previous task.

    • Delete all users and groups that were migrated into Fusion applications identity domain.

  6. Complete the steps in the next task to activate the synchronization process.

To activate the synchronization process

  1. Log in to your CX Industry Framework identity domain in your Oracle Cloud Infrastructure account. You can get this link from your welcome email. If you have questions about which tenancy and domain to log in to, contact your Oracle Support team.

  2. Select Domains, then click on the domain name.

  3. Select Oracle Cloud Services from the navigation panel and locate the application corresponding to the CXIF instance. The name starts with either CXIF or DX4C, and the description likely reads CXIF IDCS Application. It was created during the CX Industry Framework provisioning process.

  4. Select the application and then, under Resources, select Application roles.

  5. Verify that the application has the following application roles:

    • dx_DX4C_Configuration_Endpoint_Read

    • dx_DX4C_Configuration_Endpoint_Write, and others

  6. Using the steps in the previous task, activate the application and import the users and groups again.

  7. When the import is complete, return to your CX Industry Framework identity domain, select your domain, and then select Groups from the navigation pane. Verify that these groups are displayed:

    • Communications Customer Service Administrator

    • Communications Customer Service Manager

    • Communications Customer Service Representative

  8. Return to the application referenced in step 3, and then select Application roles. The roles beginning with "dx" are displayed.

  9. Assign Groups to the role dx_DX4C_Configuration_Endpoint_Read. To assign the groups, complete these steps for each role:

    1. Click on the action menu and click Assign groups.

    2. Select the three groups listed above that are associated with the utility customer service agent, manager, and administrator, and click Assign.

  10. Once all of the groups are assigned, you have completed the process.