3.3.2 Configuring Security Attributes for Users with JIT

To configure security attributes for users with JIT, follow these steps:
  1. Post-installation steps, log in as SYSADMN and update the following in the System Configuration Details.
    1. Select Authentication Type as LDAP Authentication and SMS Authorization.
    2. Click Add and provide your LDAP Server Details and click Save.
    3. Enable JIT provisioning option.
  2. Execute the following statement to enable JIT sync.
    UPDATE CONFIGURATION set paramvalue = 'Y' where paramname='JIT_IS_SYN- C_GRP_ENABLED'; COMMIT;

    Note:

    If a new user is added to a group or an existing user is removed from the group, in the next login, remapping the security attributes is done only if JIT_IS_SYNC_GRP_ENABLED is set to 'Y'.
  3. Create Application User Groups and Users mappings in the LDAP Server. In the Atomic Schema, a new table FCC_GROUP_SEC_ATTR_MAP is introduced to configure the Security attributes mapping to the Application User Groups.
  4. To configure security attributes to the User groups, log in to the Atomic Schema in the FCC_GROUP_SEC_ATTR_MAP table and populate the following columns with the mentioned values.
    • Valid values for V_GROUP_CD column are the User groups mapped to the User.
    • Valid values for V_SEC_ATTR_CD column are DOMAIN1, DOMAIN2, DOMANI3, DOMAIN4, and DOMAIN5.
    • Valid values for V_SEC_ATTR_VAL column are the values that are available in DIM_DOMAIN1, DIM_DOMAIN2, DIM_DOMANI3, DIM_DOMAIN4, and DIM_DOMAIN5 table, respectively.
  5. Log in with the New User in the Application and verify whether the Security attributes mapping is successful.
  6. Update tnsnames.oar file with CRR atomic schema as follows.

    <atomic_schema_name>= (DESCRIPTION =

    (ADDRESS= (PROTOCOL = TCP)(HOST = <hostname>)(PORT = <port_number>)) (CONNECT_DATA =

    (SERVER= DEDICATED)

    (SERVICE_NAME= <service_name>)

    )

    )

    Note:

    If the atomic schema name created has underscore(_), then remove the underscore and update. For example, CRR_atomic must be updated as CRR- atomic.
  7. If there are no changes to User group mapping and only changes to Security attribute mapping, then follow these steps to create and execute the respective batches which will populate the required tables with the updated security attributes:
    1. Log in as an Admin user.
    2. Navigate to Run Rule Framework and create a Batch for CRR.
    3. Add CRR task FN_FCC_CRR_JIT_SYNCH to the batch.
    4. Navigate to the Common Tasks menu, select Operations and click Batch Execution to execute the batch.
    For more information batches, see Run Rule Framework Chapter in the Oracle Financial Services Advanced Analytical Applications Infrastructure User Guide.