Configuring Just in Time Provisioning
Just In Time provisioning is a process that creates an application user record in the OUAF-based business applications upon the first successful login.
The new user is created in the business application based on a pre-defined OUAF Template User.
The Template User is determined from the mapping between Groups and OUAF Template Users defined in the Identity Management Integration Configuration.
Figure: Just in Time Provisioning diagram showing the relationship between client subscriptions and Oracle Identity Cloud Service.
Steps to configure Just In Time provisioning:
Assign the Security Administrator user to an Online Application Role in the environment (this is required to access the OUAF with access administrator privileges).
Setting Up Groups for Provisioning - Identity Domain
The following is a suggested approach to Just-In-Time provisioning.
Create Groups in the Identity Domain that represent broad functional areas and/or authorization levels in the service. For example:
For Non-Production (Development and Testing) environments:
Implementers
Business Analysts
QA Team
Security Testing
Functional Testing
For Production environments:
Call Center
Call Center Supervisor
Business Administrator
Accounting
Configuring User Provisioning Rules - Oracle Utilities Application Framework
To configure Identity Management Integration in the Oracle Utilities Application Framework (OUAF):
Create Template Users that represent various levels of access authorization.
Review existing Template Users.
If you intend to use a Template User to provision integration (non-human) users, you might have to assign a Default Access Group to the Template User.
Map the Groups created above to the Template Users in OUAF in the Identity Management Integration Master Configuration.
If the Identity Management Integration Master Configuration is not configured at the time the user record is created, the user will be provisioned with K1MINACS (default minimal access).
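The following is an added example, not Oracle code: a pre-flight audit of a Group to Template User mapping that you could run before enabling Just In Time provisioning. The dict form of the mapping, the finding codes and every Template User name other than K1MINACS are assumptions made for illustration, and an empty mapping is treated as "not configured".

```python
# Added example, not Oracle code. Template User names other than K1MINACS
# are hypothetical, and the dict form of the mapping is an assumption.
DEFAULT_MINIMAL = "K1MINACS"  # default minimal access named on the page
NON_PROD_GROUPS = {"Implementers", "Business Analysts", "QA Team",
                   "Security Testing", "Functional Testing"}

def audit_mapping(mapping, idp_groups, template_users, production):
    """Return sorted (code, subject) findings for one environment."""
    if not mapping:  # assumed equivalent to "not configured"
        return [("NOT_CONFIGURED", DEFAULT_MINIMAL)]
    # Identity Domain groups that no Template User is mapped to.
    findings = [("UNMAPPED_GROUP", g) for g in idp_groups - set(mapping)]
    for group, template in mapping.items():
        if group not in idp_groups:
            findings.append(("STALE_GROUP", group))
        if template not in template_users:
            findings.append(("UNKNOWN_TEMPLATE", template))
        if production and group in NON_PROD_GROUPS:
            findings.append(("NONPROD_IN_PROD", group))
    return sorted(findings)

def candidate_templates(user_groups, mapping):
    """Template Users that a new user's groups point to. The page does not
    say how several matches are resolved, so every candidate is returned;
    an empty set means no group of the user is mapped."""
    if not mapping:
        return {DEFAULT_MINIMAL}
    return {mapping[g] for g in user_groups if g in mapping}

# Constructed sample data for a production environment.
IDP_GROUPS = {"Call Center", "Call Center Supervisor",
              "Business Administrator", "Accounting"}
TEMPLATE_USERS = {"TMPL_CSR", "TMPL_CSR_SUP", "TMPL_BUS_ADMIN"}  # hypothetical
MAPPING = {
    "Call Center": "TMPL_CSR",
    "Call Center Supervisor": "TMPL_CSR_SUP",
    "Business Administrator": "TMPL_BUS_ADMIN",
    "Implementers": "TMPL_IMPL",  # deliberate mistake for the audit to catch
}

if __name__ == "__main__":
    for code, subject in audit_mapping(MAPPING, IDP_GROUPS, TEMPLATE_USERS, True):
        print(f"{code:17} {subject}")
    print(candidate_templates({"Call Center", "Accounting"}, MAPPING))
```

Run against the sample data, the audit reports the unmapped Accounting group and the non-production Implementers entry, which is also stale and points to a Template User that does not exist.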