Synchronize Users Between Fusion Applications Identity Domain and Oracle Utilities

Complete these steps to enable the automatic synchronization of Fusion users and Oracle Utilities users between Fusion applications and Oracle Utilities. This includes:

  • Configuring the application
  • Testing the synchronization

Before completing these steps, verify that you have completed the tasks in the Prerequisites section, including the Create OAuth Client task.

Configure the Application

Complete these steps to enable the automatic synchronization of Fusion users and Oracle Utilities users between Fusion applications and Oracle Utilities.

  1. Log in to your Customer Cloud Service identity domain in your Oracle Cloud Infrastructure account. You can get this link from your welcome email. If you have questions about which tenancy and domain to log in to, contact your Oracle Support team.
  2. Create a new application by selecting Integrated Applications in the navigation pane and then clicking the Add application button.
  3. Select Application Catalog and then click the Launch app catalog button.
  4. Search for and select the application named GenericScim - Client Credentials.
  5. On the Add application details screen, complete these fields:
    • Name
    • Description (optional)
    • Application icon (optional)
  6. Click Next.
  7. Turn on Enable Provisioning and click Confirm.
  8. In the Configure connectivity section, complete the following fields:
    • Host Name: Enter the hostname portion of the Fusion applications identity domain URL, without http://. For example, myFAhostname.oraclecloud.com
    • Base URI: /admin/v1/
    • Client ID: Enter the Client ID that you copied in the Create OAuth Client in Fusion Applications Identity Domain step.
    • Client Secret: Enter the Client Secret that you copied in the Create OAuth Client in Fusion Applications Identity Domain step.
    • Scope: urn:opc:idm:__myscopes__
    • Authentication Server URL: Enter the token URL of the Fusion applications identity domain. For example, https://myFAhostname.oraclecloud.com/oauth2/v1/token
  9. Click Test connectivity to test the connection to the Fusion applications identity domain.
  10. In the Select Provisioning Operations section, complete these fields:
    • Authoritative sync: Select this option.
    • Create an account: Select this option.
    • Update account: Select this option.
    • Deactivate account: Select this option.
    • Delete account: Deselect this option.
    • Push user updates: Deselect this option.
    • Push user activation/deactivation status: Select this option.
  11. Turn on Enable Synchronization.
  12. Scroll up to view the Configure Attribute Mapping section, and click the Attribute mapping button.
  13. On the Attribute mapping screen, select the Application to identity domain option.
  14. Locate the row with the User column value set to Federated, and change the source value in the left column from false to true.
  15. Click the Save changes button, which returns you to the previous screen.
  16. In the Configure synchronization section, complete the Synchronization Schedule field with the frequency you want to use for synchronization. The recommended value is Every hour.
  17. Click Save changes.
  18. When you are ready to either test the synchronization or make it live, click Activate and continue to the next task.
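
A pre-flight check for the Configure connectivity values in step 8, as an added example (not Oracle's code): it flags a Host Name entered with a scheme, a malformed Base URI, and a non-HTTPS token URL, then builds the client-credentials token request without sending it. The function names, the same-host check, and the Users?count=1 probe are assumptions made for illustration.

```python
from base64 import b64encode
from urllib.parse import urlencode, urlsplit

def check_connectivity_fields(host, base_uri, token_url):
    """Return a list of problems found in the Configure connectivity values."""
    problems = []
    if "://" in host or "/" in host:
        problems.append("Host Name: enter the bare hostname, no scheme or path")
    if not (base_uri.startswith("/") and base_uri.endswith("/")):
        problems.append("Base URI: expected the form /admin/v1/")
    token = urlsplit(token_url)
    if token.scheme != "https":
        # The client secret travels to this URL, so plain http would expose it.
        problems.append("Authentication Server URL: must use https")
    if (token.hostname or "").lower() != host.lower():
        # Assumption: host and token endpoint are the same identity domain,
        # as in the page's two example values.
        problems.append("Authentication Server URL: host differs from Host Name")
    return problems

def build_token_request(token_url, client_id, client_secret, scope):
    """Build (url, headers, body) for an OAuth 2.0 client-credentials grant."""
    basic = b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return token_url, headers, body

def users_probe_url(host, base_uri):
    """Read-only SCIM request URL (one user at most) for a manual check."""
    return f"https://{host}{base_uri}Users?count=1"

if __name__ == "__main__":
    # Constructed sample values; the hostname is the page's own example.
    host, base_uri = "myFAhostname.oraclecloud.com", "/admin/v1/"
    token_url = f"https://{host}/oauth2/v1/token"
    print(check_connectivity_fields(host, base_uri, token_url) or "fields look consistent")
    url, headers, body = build_token_request(
        token_url, "constructed-client-id", "constructed-secret",
        "urn:opc:idm:__myscopes__")
    print(url, body)  # headers carry the secret, so they are not printed
    print(users_probe_url(host, base_uri))
```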

Test the Synchronization

This process imports the users and groups that you want to synchronize and tests the synchronization setup to ensure that users are being synchronized between the applications.

  1. Log in to Fusion applications as an administrator.
  2. Select Tools and then select Security Console.
  3. Create several test users.
  4. Return to the Customer Cloud Service identity domain.
  5. Scroll down to the Resources section in the navigation panel and select Import, and then click the Import button.
  6. The message on the screen indicates that the import job has been submitted and is running.
  7. Refresh the screen until the Import status changes to Complete.
  8. Go back to the main screen to verify that users were successfully copied from the Fusion applications identity domain.
  9. In the navigation pane, click Users and verify that the users you expect to see are available.
  10. If you are not ready to perform the full user synchronization, remove the test results by completing these steps:
    • Deactivate the application created in the previous task.
    • Delete all users that were migrated from the Fusion applications identity domain.
  11. If you deactivate the application, you will need to reactivate it and complete the steps to import the users again when you are ready to make the synchronization live.