2 Set Up Users and Roles
You need to create a resource user in order to add team members to an Initiative. If a resource user has not been created and only a security user is available, refer to the following sections to create and configure a resource user.
Use this topic to set up the Fusion resource users for the Launch application. An existing user must be migrated to a resource user in order to work on Initiative team creation.
The Create a Resource Role section describes the procedure for adding resource roles as per your business requirements.
Create a Resource User
You must create a resource user for multiple business units and offer approvals to work. You then configure the resource hierarchy so that the approvals traverse up through the hierarchy. Provide Resource Role, Reporting Manager, and Organization (Resource Organization) as additional details. When you create a resource user, you can select a user organization or create a new resource organization as the organization.
The approval process will work only when the associated initiative is configured for approvals.
You must add the required job roles to the resource user through the Security Console. If you need more information about adding roles, see Assign Roles to an Existing User.
Create a Resource Role
- In the Setup and Maintenance work area, go to the Task menu on the right side and select Search.
- Search for the task name: Manage Resource Roles
- To create a new resource role, click Create.
  The Create Role page appears.
- In the Role Name field, enter the name of the resource role as you want it to appear in the application UI. For example, Communications Catalog Administrator.
- In the Role Code field, enter a unique internal name in capital letters. No spaces are permitted but you can use the underscore character instead. For example, enter COMM_CATALOG_ADMIN. If you are importing users from a file, you must include the code in your file rather than the role name.
- If the resource role belongs to a manager, select the Manager option. If the resource role belongs to an individual contributor, select the Member option.
- From the Role Type list, select Sales to classify the role that you're creating.
- Click Save and Close.
Repeat the above steps to create all the resource roles required for the Launch application.
- Communications Catalog Administrator
- Communications Catalog Product Manager
- Communications Marketing Manager
- Communications Catalog Viewer
- Communications Product Specialist
Note:
The role name should match the ADR repository name, and the code can be generated accordingly.
Once the resource role is created, create the corresponding CRM job role mapping. You need to add the corresponding job mapping for all five resource roles. See Manage HCM Role Provisioning Rules for more information.
Manage HCM Role Provisioning Rules
You must create rules to provision roles to the users. Otherwise, users will not have access to data or functions, and cannot perform any application tasks.
Before you create users, you must create role-provisioning rules to assign job roles. This can be set up to happen automatically, based on the resource roles assigned to the users. Using auto-provisioning ensures that the new users are assigned job roles both efficiently and consistently.
To manage the HCM Role Provisioning Rules:
- Sign in to your Oracle Applications Cloud environment as an admin user.
- Click Navigator, select My Enterprise, and then select Setup and Maintenance.
- In the Setup and Maintenance work area, go to the Tasks menu on the right side, and click Search.
- Search for Manage HCM Role Provisioning Rules.
- To create a provisioning rule, click Create on the Manage Role Mappings page.
  The Create Role Mapping page appears.
- In the Mapping Name field, enter a name that identifies the mapping.
  For example, enter Communications Catalog Administrator in the Mapping Name field if you are creating a rule to provision the Communications Catalog Administrator resource role.
- In the Conditions section, enter the following:
  Resource Role: Select the resource role you want to provision (for example, Communications Catalog Administrator).
- In the Associated Roles section, click Add to add the job roles you want to provision.
  For example, add the Communications Catalog Administrator job role for Communications Catalog Administrator (this is preseeded as part of the ADR changes).
  You also need to add the Resource role to access the Fusion resource user controls.
- Select one or more of the role-provisioning options shown for each role you have added.
  - Requestable: Qualifying users can provision the role to other users. A qualifying user is one who satisfies the rule conditions.
  - Self-Requestable: Qualifying users can request the role for themselves.
  - Autoprovision: Qualifying users get the role automatically. This is selected by default. Deselect if you don't want to use auto-provisioning.
- Click Save and Close and then Done to return to the Functional Areas task list. You must create provisioning rules for each resource role you intend to assign to users.
Once the job mapping is created, you can create users with resource roles. See Create Resource User with Resource Role for more information.
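The three provisioning options and the requirement that every resource role have its own provisioning rule can be checked on paper before any users are created. The following added example is not Oracle code and calls no Oracle API: it models role mappings in plain Python over constructed sample rules, and the class, function and field names are assumptions made for illustration.

```python
from dataclasses import dataclass

# The five Launch resource roles named on this page.
LAUNCH_RESOURCE_ROLES = [
    "Communications Catalog Administrator",
    "Communications Catalog Product Manager",
    "Communications Marketing Manager",
    "Communications Catalog Viewer",
    "Communications Product Specialist",
]

@dataclass(frozen=True)
class AssociatedRole:          # hypothetical model of one row in Associated Roles
    role: str
    requestable: bool = False
    self_requestable: bool = False
    autoprovision: bool = True  # the page says this option is selected by default

@dataclass(frozen=True)
class RoleMapping:             # hypothetical model of one provisioning rule
    name: str
    resource_role: str         # the single condition used on this page
    roles: tuple

def entitlements(resource_role, mappings):
    """Return what a user holding `resource_role` gets from the rules."""
    out = {"auto": set(), "self_request": set(), "grant_to_others": set()}
    for m in mappings:
        if m.resource_role != resource_role:  # user does not satisfy the condition
            continue
        for r in m.roles:
            if r.autoprovision:
                out["auto"].add(r.role)
            if r.self_requestable:
                out["self_request"].add(r.role)
            if r.requestable:
                out["grant_to_others"].add(r.role)
    return out

def roles_without_autoprovision(resource_roles, mappings):
    """Resource roles whose users would receive no role automatically."""
    return [rr for rr in resource_roles if not entitlements(rr, mappings)["auto"]]

# Constructed sample rules (not exported from any environment).
SAMPLE_MAPPINGS = [
    RoleMapping("Communications Catalog Administrator",
                "Communications Catalog Administrator",
                (AssociatedRole("Communications Catalog Administrator"),
                 AssociatedRole("Resource"),
                 AssociatedRole("Communications Catalog Viewer",
                                requestable=True, autoprovision=False))),
    RoleMapping("Communications Catalog Viewer",
                "Communications Catalog Viewer",
                (AssociatedRole("Communications Catalog Viewer"),
                 AssociatedRole("Resource"))),
]

if __name__ == "__main__":
    admin = entitlements("Communications Catalog Administrator", SAMPLE_MAPPINGS)
    print("auto:", sorted(admin["auto"]))
    print("can grant to others:", sorted(admin["grant_to_others"]))
    print("no autoprovisioned role:",
          roles_without_autoprovision(LAUNCH_RESOURCE_ROLES, SAMPLE_MAPPINGS))
```

With the sample rules, three of the five resource roles have no rule yet, so users created with them would receive no job role when Autoprovision Roles is clicked.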
Create Resource User with Resource Role
- Click Navigator, expand My Team section, and then click Users and Roles to open the Search Person page. In the Search Results section, click the create + icon.
- On the Create User page, Personal Details region, enter the user's name and a unique email address. The application sends user notifications to this email address by default unless you disable notifications in the Security Console.
  Note:
  After you create the user, if you want to change the email address, you can do so on the Users tab of the Security Console or using file import. You can't change email addresses on the Edit User page of the Manage Users work area.
- In the User Notification Preferences region, select the Send user name and password check box if you wish to notify the user when their account is created and the user record is saved. The notification includes a URL that users can use to reset their password and sign in.
  The Send user name and password option is enabled only if the notifications are enabled on the Security Console and an appropriate notification template exists. For example, if the predefined notification template New Account Template is enabled, then a notification is sent to the new user when you select the Send user name and password option.
  If you deselect the Send user name and password option, notification is not sent when the account is created. You can choose to send the email later by running the Send User Name and Password E-Mail Notifications process. This process sends notifications to any users for whom you haven't so far requested an email. An appropriate notification template must be enabled at that time. Alternatively, you can use the Security Console to reset the password and send the notification.
- In the Employment Information region, enter the values shown in Table 2-1.
  Table 2-1 Employment Information Region Entries
  | Field | Entry |
  | --- | --- |
  | Business Unit | Select the business unit for the user. Oracle creates an initial business unit using the information you provided when you signed up. |
  | Legal Employer | Select the legal employer Oracle created using the information you provided when you signed up with the cloud service. |
  | Person Type | Select Employee |
  Other fields in the Employment Information region are not mandatory.
- In the Resource Information region, enter the values shown in Table 2-2.
  Table 2-2 Resource Information Region Entries
  | Field | Entry |
  | --- | --- |
  | Reporting Manager | Select the user's manager. If you are creating the top user in your hierarchy, such as the CEO, you can leave this field blank. |
  | Organization | If the user you're creating is a manager, and if you already created a resource organization for this manager, then select the appropriate resource organization. If you haven't created a resource organization for the manager, then you can create one by clicking the Create link from the end of the Organization list. The Create Organization dialog box is displayed allowing you to enter a new organization name. If the user you're creating isn't a manager, then the resource organization is automatically copied from the manager. |
  | Resource Role | Select the role the user plays in the resource organization. |
- In the Roles region, click Autoprovision Roles.
  Any roles for which the user qualifies automatically appear in the Role Requests table with the status Add Requested.
  The application provisions roles according to the provisioning rules specified for the selected resource role. Each sales user must have both the Employee and the Resource abstract roles in addition to the job roles they require.
- You can also provision a role manually to the user by clicking Add Role. The Add Role dialog box opens.
- Search for and select the role. The role is added to the Role Requests table with the status Add Requested.
  Note:
  Roles that you can provision to others must appear in a role mapping for which you satisfy the role-mapping conditions and where the Requestable option is selected for the role.
- Click Save and Close.
  The application creates the user. If you selected the Send user name and password option, the application sends the user the email with the URL the user can use to sign in to the application for the first time.
- Click Done.
(Optional) Add Photo to a Resource User
- Click Resource Directory in the Navigator.
- On the Resource Directory page, search for the top user (the CEO) by first name using the Search: Resources panel located on the left side of the page.
- Click the user name link in the Search Results.
- Click the Upload Picture option to upload a picture of the user.
- Save the changes.
Create a Rollback User
- In the Security Console, click the Users tab.
- Search for and select the user to whom you want to assign the job role.
- On the User Account Details page, click Edit.
- In the Roles section, click Add Role.
- Search for the role named Catalog Entity Rollback Management with the code ORA_ATC_CATALOG_ENTITY_ROLLBACK_MANAGEMENT_DUTY that you intend to assign to the user, and then click Add Role Membership.
- Click Done.
Synchronize Roles and Privileges
Use this topic to synchronize the roles and privileges with Security Console.
After configuring roles and users, run the Import User and Role Application Security Data scheduled process to synchronize the changes with Security Console. If you have administrator privileges, here are the quick steps to help you get started. For more information on scheduled processes, see Import Roles and Privileges into Security Console.
- Click Navigator, expand Tools section, and then select Scheduled Processes.
- On the Overview page, click Schedule New Process.
- In the Schedule New Process window, click the Search option in the Name drop-down list.
- In the Search and Select: Name window, enter Import Users and Role in the Name field and click Search.
- From the search result, select Import User and Role Application Security Data and click OK.
- Click OK, and then click Submit. It may take a few moments for the process to complete.
Synchronize All Users Between Launch Cloud Service and Customer Experience Industry Framework Identity Management
- Configure the application and define user name suffixes.
- Test the configuration.
- Activate the synchronization process.
To configure the application:
- Log in to your CX Industry Framework identity domain in your Oracle Cloud Infrastructure account. You can get this link from your welcome email. If you have questions about which tenancy and domain to log in to, contact your Oracle Support team.
- Create a new application by selecting Applications in the navigation pane, and then click the Add application button.
- Select Application Catalog and then click the Launch app catalog button.
- Search for and select the template named Oracle Fusion Applications Release <X>, where the release is 13 or later.
- On the Add Oracle Fusion Applications Release screen, complete these fields:
  - Name
  - Description (optional)
  - Application icon (optional)
- Click Next.
- In the General section, complete these fields using a bogus URL that begins with http:// and ends with .com:
  - Entity ID: http://bogus-url.com
  - Assertion Consumer URL: http://bogus-url.com
- Under Additional configurations, complete these fields with the same URL:
  - Single Logout URL: http://bogus-url.com
  - Logout Response URL: http://bogus-url.com
- Click Next.
- Turn on Enable Provisioning and click Confirm.
- In the Configure connectivity section, complete the following fields:
  - Administrator Username: Enter your Fusion applications administrator credentials.
  - Administrator Password: Enter your Fusion applications administrator password.
  - Host Name: Enter the Fusion application URL hostname portion without http://. For example, myFAhostname.oraclecloud.com
  - Port Number: 443
  - SSL Enabled: Select this option.
- In the Provisioning Operations section, complete these fields:
  - Authoritative sync: Select this option.
  - Create account: Select this option.
  - Update account: Select this option.
  - Deactivate account: Select this option.
  - Delete account: Deselect this option.
- Turn on Enable Synchronization.
- Scroll up to view the Configure Attribute Mapping section and click the Attribute mapping button.
- On the Attribute mapping screen, select the Application to identity domain option.
- Locate the row with the User column value set to Federated and modify the source value in the left column to be true where it says false.
- Click the Save changes button, which returns you to the previous screen.
- In the Configure synchronization section, complete the Synchronization Schedule field with the frequency you want to use for synchronization. The recommended value is Every hour.
- Click Finish.
- When you are ready to either test the synchronization or make the synchronization live, click Activate and continue to the next task.
After you configure the application, you need to import the users and groups that you want to synchronize, and then test the synchronization setup to ensure that the selected application users and groups are being synchronized to the Fusion application identity domain. When you have successfully tested the synchronization, you then activate the process using the instructions in the next task.
To test the synchronization:
- From where you left off in the previous task, scroll down to the Resources section in the navigation panel and select Import, and then click the Import button.
- The message on the screen indicates that the import job has been submitted and is running. Refresh the screen until the Import status changes to Complete.
- Go back to the main screen for the Fusion applications identity domain to verify that users were successfully copied from Fusion applications.
- In the navigation pane, click Users and Groups respectively to verify:
  - Groups: Verify that the groups you expect to see are available.
  - Users: Verify that the users you expect to see are available and that they are members of the correct groups.
- Remove the test results by completing these steps:
  - Deactivate the application created in the previous task.
  - Delete all users and groups that were migrated into Fusion applications identity domain.
- Complete the steps in the next task to activate the synchronization process.
To activate the synchronization process:
- Log in to your CX Industry Framework identity domain in your Oracle Cloud Infrastructure account. You can get this link from your welcome email. If you have questions about which tenancy and domain to log in to, contact your Oracle Support team.
- Select Domains, then click on the domain name.
- Select Oracle Cloud Services from the navigation panel and locate the application corresponding to the CXIF instance. The name starts with either CXIF or DX4C, and the description likely reads CXIF IDCS Application. It was created during the CX Industry Framework provisioning process.
- Select the application and then, under Resources, select Application roles.
- Verify that the application has the following application roles:
  - dx_DX4C_Configuration_Endpoint_Read
  - dx_DX4C_Configuration_Endpoint_Write, and others
- Using the steps in the previous task, activate the application and import the users and groups again.
- When the import is complete, return to your CX Industry Framework identity domain, select your domain, and then select Groups from the navigation pane. Verify that these groups are displayed:
  - Communications Customer Service Administrator
  - Communications Customer Service Manager
  - Communications Customer Service Representative
- Return to the application referenced in step 3, and then select Application roles. The roles beginning with "dx" are displayed.
- Assign Groups to the role dx_DX4C_Configuration_Endpoint_Read. To assign the groups, complete these steps for each role:
  - Click on the action menu and click Assign groups.
  - Select the three groups listed above that are associated with the utility customer service agent, manager, and administrator, and click Assign.
- Once all of the groups are assigned, you have completed the process.
Create Aftermarket Extensibility Administrative User
Use this topic to create an aftermarket extensibility administrative user.
You can now extend the product offering entity by specifying a list of fields to be extended using the Launch user interface. The administrative user for this function can upload the spreadsheet containing the list of fields to be extended. The fields should be simple attributes of type text, number and check box.
For example, if a communications service provider wants to extend the product offering entity, say, SupremoProductOfferingInfo with the additional field partnerBrand and similar other fields, the user with the custom job role Catalog Extension Management Duty Role has the privileges for this extension.
Here's how you can create the user for this role:
- In the Security Console, click Roles.
- Click Create role.
- Create a CRM job role by entering a unique role name and role code.
- Go to the Role Hierarchy tab and search for Catalog Extension.
- Select the Catalog Extension Management duty role.
- Verify the function security policies listed in the tab.
- Ensure that these are configured in the above list:
  - Manage Extensible Object
  - Manage Catalog Extension
  - View Catalog Extension
  - View Extension Tile
  Note:
  The Administer Sandbox privilege must be added manually from Add Function Security Policy even if it's inherited from the Catalog Extension Management duty role.
- Click Add Function Security Policy, search for the Administer Sandbox privilege and click Add Privilege to Role.
- Go to the Users tab, and click Add User.
- Select the user you want to configure the role for.
- Click Add user to Role.
- Save the job role.