4 User Account Preferences

Setup Assistant and User Account Preferences

Setup Assistant uses the default settings when creating setup users and the CEO at the top of the resource hierarchy. You can change the default behavior for the rest of your setup. Here are the default settings:

  • User names are set to email addresses.

  • Passwords must be at least 8 characters long and include a number.

  • The application automatically notifies users when their accounts are created, when passwords need to be changed, and so on.

Setup Overview

Review the settings for user name format and password strength and set up notifications before you create users. By default, the application uses the email address to create user names and requires passwords with eight letters and one number. You may want shorter user names and stronger passwords. You must also create your own versions of the notifications users receive regarding their accounts. Oracle provides sample notifications, but they include Oracle-specific language and may not include all of the information users need.

The Security Console you use for all these tasks includes many advanced features. Some don't even apply to your sales application. So, limit your use of the Security Console to the scope listed here.

Here's a list of the setup tasks covered in this chapter. You can open the tasks from the Setup and Maintenance work area, Sales offering, and Users and Security functional area. Remember that you may have to show All Tasks to see the task you want.

| Step | Description | Navigation | Where to Get More Details |
|---|---|---|---|
| 1 | Initialize the Security Console. | Setup and Maintenance > Sales > Users and Security > Import Users and Roles into Application Security | See the topic: Initialize the Security Console |
| 2 | Set up preferences for user name format and passwords, and create your own versions of the notifications that users receive about their accounts and passwords. | Setup and Maintenance > Sales > Users and Security > Manage Applications Security Preferences | To understand the notification process for new accounts and recommendations on the kinds of notification changes you may want to make, see the topic: Automatic New Account Notifications and What to Change. For setup instructions, including a list of tokens you can use in your notifications, see the topic Set Up Preferences for User Names, Passwords, and Notifications. The topic includes a link to a video that provides an overview of the setup. |

The Dos and Don'ts for Using the Security Console

The Security Console is a powerful tool, but you don't need all of its power for your initial setup. Here's an overview of the Security Console tabs and their uses. Only setup users, or other users with the IT Security Manager job role, can access the Security Console.

| Tab | What You Can Use It For |
|---|---|
| Roles | Create your own roles as described in the Securing Sales and Service guide. |
| Users | Manage user passwords and update user email addresses. Don't use this tab to create users or to provision job roles. For sales, you must follow the instructions in the rest of this guide to create users, provision job roles, and change user names. Note that all users, even members of the sales organization who can't access the Security Console, can reset their own passwords. That's done by clicking the user name in the welcome page and selecting the Preferences option from the Settings and Actions menu. |
| Analytics | Review role assignments and compare roles. This advanced security functionality is covered in the Securing Sales and Service guide. |
| Certificates | The sales application doesn't use this functionality. |
| User Categories | Specify password policies and manage notifications users receive about their accounts and passwords. You can specify different behavior for different categories of users. For the sales application, all the users you create are initially assigned to the Default category. But you can create additional user categories and move users to them. |
| Single Sign-On | Configure single sign-on. |
| Administration | Set role copying preferences and use other advanced features covered in the Securing Sales and Service guide. |

You can find information about more advanced tasks, including security configuration, in the Securing Sales and Service and the Extending Sales and Service guides.

Initialize the Security Console

You must initialize the Security Console before using it for the first time by running the process Import Users and Roles into Application Security. The process copies users, roles, privileges, and data security policies from the LDAP directory, policy store, and Applications Core Grants schema to Oracle Fusion Applications Security tables. Having this information in the tables makes the search feature of the Security Console fast and reliable. After the process completes the first time, Oracle recommends that you schedule the process to run daily.

  1. In the Setup and Maintenance work area, go to the following:

    • Offering: Sales

    • Functional Area: Users and Security

    • Show: All Tasks

    • Task: Import Users and Roles into Application Security

  2. On the Import Users and Roles into Application Security page, click Submit.

    This action starts the Import User and Role Application Security Data process. After the process completes, you can use the Security Console.

  3. Now set up this same process to run daily:

    1. On the Import Users and Roles into Application Security page, click Advanced.

    2. Click the Schedule tab.

    3. Select the Using a schedule option.

    4. From the Frequency list, select Daily.

    5. Enter an end date far in the future.

    6. Click Submit.

Automatic New Account Notifications and What to Change

For security reasons, users get the sign-in information they need to start using the application in two separate notifications. The first email tells users an account was created for them and includes a link they can use to create their passwords. The second email, which confirms the password reset, includes the user name. Here's how the process works by default:

  1. The application sends the new account notification. The email includes only the link to reset your password. It doesn't list the user name.

  2. Users click the link in the email and create their passwords.

  3. If users already know their user names, they can sign in to the application right away.

  4. The application sends the second notification, the password reset confirmation, which includes the user name.

  5. If users don't know their user names, they can get the user names from the second notification.

You can view the default notification text by opening the two templates provided by Oracle: ORA New Account Template and ORA Password Reset Confirmation Template in the Security Console. When you create your own templates, the text of the Oracle notification templates is copied automatically to your new template. You can edit the text or replace it with your own.

As set up by Oracle, the application also notifies the user's manager when a user account gets created and when passwords get reset. If you don't want to spam sales managers, you can disable these notifications or replace them with text of your own.

Suggested Changes

At a minimum, change the text of sample notifications to replace Oracle-specific language. You may also want to clarify the process:

  • New Account Template:

    Add language that makes it clear to users that they can get the user name from the notification they receive immediately after they create their passwords.

  • Password Reset Confirmation Template:

    Modify the text to highlight the user name, so it's easy to spot in the email. When making the edits, remember that users receive this notification every time they reset their passwords, not just the first time they create their password.

For navigation and setup details, including available tokens, see the topic and video: Set Up Preferences for User Names, Passwords, and Notifications.

Set Up Preferences for User Names, Passwords, and Notifications

Use the Security Console to set your preferences for user names, passwords, and user notifications. For example, you can require users to set stronger passwords, implement shorter user names, change the text of the notifications your users receive, or turn notifications off completely.

Oracle provides only sample notifications. You must change the Oracle-specific language in the notifications and add any additional information users may need. For example, the initial notification users receive about their new account includes a link they use to create their password. But, for security reasons, Oracle doesn't include the user name. In that initial new account notification, you may want to explain that users get the user name from the subsequent password reset confirmation.

Set Preferences for User Names and Passwords

  1. Open the Security Console from the Setup and Maintenance work area:

    • Offering: Sales

    • Functional Area: Users and Security

    • Show: All Tasks

    • Task: Manage Applications Security Preferences

    Alternatively, click Tools > Security Console on the home page.

  2. Click User Categories.

    On the User Categories tab, you can set up different preferences and notifications for different categories of users. Since all of the sales users you create and import are created in the Default category, you set preferences for that category only.

  3. Click DEFAULT.

    On the DEFAULT User Category: Details page, you can set the user-name format.

  4. Click Edit.

  5. Select the user-name format you want to use from the User Name Generation Rule list.

    The application uses your selection to generate user names unless you enter the user names manually or import them from a file. By default, the application uses the email address as the user name.

    If you're implementing Partner Relationship Management, then you must use email for creating partner contacts. Otherwise, you can use any of the three following options:

    • First name.last name

    • Email

    • First initial and last name

    Don't use Person or party number because numbers aren't easily remembered by users. For example, if the person number generated by the application for John Smith is 100000000178803, then the user name is 100000000178803 as well.

  6. Selecting the Generate system user name when generation rule fails option ensures the application generates a user name even if there is no information available for the option you selected.

  7. Click Save and Close.

  8. Click the Password Policy subtab.

  9. Here you can specify password strength and expiration. For example, you can require users to use special characters in passwords and specify how frequently passwords must be changed.

  10. Selecting the Administrator Can Manually Reset Password option makes it possible for administrators to manually create new passwords for users.

  11. Click Save and Close.

Configure Email Notifications and Change the Oracle-Specific Text

In the Notifications subtab on the DEFAULT User Category tab, you can specify which email notifications, if any, are sent to users and the text of those notifications. At present, the application supports text-only notifications in one language.

You can make these changes:

  • Turn all notifications on or off.

    By default, all notifications are turned on. If you're setting up a test environment, turn off notifications while creating sales users to prevent the users from signing in to the application while you're setting it up.

  • Turn individual notifications on or off.

    By default, all individual notifications are turned on.

  • Create your own notifications.

    Oracle provides predefined English-language sample templates with Oracle-specific language. You must create your own templates to provide users with the information they need.

Here's how to configure the email notifications:

  1. Click the Notifications subtab.

    The subtab lists the default notification templates provided by Oracle. The list includes the events that trigger the notifications and the email subject lines.

  2. To make changes, click Edit.

  3. If you want to turn off all notifications, then deselect the Enable Notifications option under the Notification Preferences heading.

  4. If you want to turn off individual notifications, then:

    1. Click the template name link.

    2. Deselect the Enabled check box.

    3. Click Save and Close.

  5. Here's how to create your own notification templates:

    1. Click Add Template and select the event.

      Selecting the event automatically copies over the text provided in the corresponding Oracle template, which you can then edit.

    2. Edit the notification subject line and text.

      Here's a list of the tokens you can include in the message text. Each token must be within curly brackets and preceded by a dollar sign, for example: ${firstName}.

      | Token | Meaning | Events |
      |---|---|---|
      | userLoginId | User name | Forgot user name; Password expired; Password reset confirmation |
      | firstName | User's first name | All events |
      | lastName | User's last name | All events |
      | managerFirstName | Manager's first name | New account created - manager; Password reset confirmation - manager; Password reset - manager |
      | managerLastName | Manager's last name | New account created - manager; Password reset confirmation - manager; Password reset - manager |
      | loginURL | URL where the user can sign in | Expiring external IDP signing certificate; Password expired; Password expiry warning |
      | resetURL | URL where the user can reset his or her password | New account created - manager; New user created; Password generated; Password reset; Password reset - manager |
      | CRLFX | New line | All events |
      | SP4 | Four spaces | All events |
      | adminActivityUrl | URL where an administrator initiates an administration activity | Administration activity requested |
      | providerName | External identity provider | Expiring external IDP signing certificate |
      | signingCertDN | Signing certificate | Expiring external IDP signing certificate |
      | signingCertExpiration | Signing certificate expiration date | Expiring external IDP signing certificate; Expiring service provider signing certificate |
      | encryptionCertExpiration | Encryption certificate expiration date | Expiring service provider encryption certificate |
      | adminFirstName | Administrator's first name | Administration activity location based access disabled confirmation; Administration activity single sign-on disabled confirmation |
      | adminLastName | Administrator's last name | Administration activity location based access disabled confirmation; Administration activity single sign-on disabled confirmation |

    3. Select the Enabled option.

    4. Click Save and Close.

    The predefined template provided by Oracle is automatically disabled. You can only have one template for each event.

  6. On the DEFAULT Category: Notifications page, click Done.
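Before you paste a custom template into the Security Console, you can check its tokens against the token table above. The following script is an added example, not Oracle code: it flags tokens that aren't in the table, tokens that aren't available for the template's event (such as ${userLoginId} in a new-account message), and tokens typed without curly brackets. The function name lint_template, the sample text, and the assumption that token names must match the table's spelling exactly are illustrative.

```python
import re

ALL = None  # marker for "All events" in the token table
MGR = {"New account created - manager", "Password reset confirmation - manager",
       "Password reset - manager"}
ADMIN = {"Administration activity location based access disabled confirmation",
         "Administration activity single sign-on disabled confirmation"}
IDP = {"Expiring external IDP signing certificate"}

# Token -> events where it is available, transcribed from the token table above.
TOKEN_EVENTS = {
    "userLoginId": {"Forgot user name", "Password expired", "Password reset confirmation"},
    "firstName": ALL, "lastName": ALL, "CRLFX": ALL, "SP4": ALL,
    "managerFirstName": MGR, "managerLastName": MGR,
    "loginURL": IDP | {"Password expired", "Password expiry warning"},
    "resetURL": {"New account created - manager", "New user created",
                 "Password generated", "Password reset", "Password reset - manager"},
    "adminActivityUrl": {"Administration activity requested"},
    "providerName": IDP, "signingCertDN": IDP,
    "signingCertExpiration": IDP | {"Expiring service provider signing certificate"},
    "encryptionCertExpiration": {"Expiring service provider encryption certificate"},
    "adminFirstName": ADMIN, "adminLastName": ADMIN,
}

TOKEN_RE = re.compile(r"\$\{([^}]*)\}")    # well-formed ${token}
BARE_RE = re.compile(r"\$([A-Za-z]\w*)")   # $token typed without curly brackets


def lint_template(event, text):
    """Return a sorted list of problems found in a notification template."""
    problems = set()
    for name in TOKEN_RE.findall(text):
        if name not in TOKEN_EVENTS:
            problems.add(f"unknown token ${{{name}}}")
        elif TOKEN_EVENTS[name] is not ALL and event not in TOKEN_EVENTS[name]:
            problems.add(f"${{{name}}} is not available for event '{event}'")
    for name in BARE_RE.findall(text):
        problems.add(f"token '{name}' is missing curly brackets")
    return sorted(problems)


# Constructed sample: a custom template for the "New user created" event.
SAMPLE = ("Hello ${firstName} ${lastName},${CRLFX}"
          "Create your password here: ${resetURL}${CRLFX}"
          "Your user name is ${userLoginId}.")

if __name__ == "__main__":
    print("\n".join(lint_template("New user created", SAMPLE)))
```

In the table, no event offers both userLoginId and resetURL, which matches the two-notification design described earlier: the message that carries the password link can't also carry the user name.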

Set the Synchronization Process Frequency Warning

If you don't like warning messages, read on. Whenever you navigate to the Security Console, you get a warning if the Import User and Role Application Security Data process was not run in the last six hours. If you scheduled the process to run daily, then it makes good sense to change the value of the warning as well.

  1. Click the Administration subtab.

  2. Change the value for the Hours Since Last Synchronization Job Run Warning.