User Provisioning for Onboarding

This topic describes how to use REST APIs through Postman to provision new users to Oracle Health Insurance Cloud Services.

Understanding User Types

  • Federated Users: A federated user is created and managed by an identity provider. Here, the third-party identity provider (IdP) handles authentication, and users must synchronize with the Identity Domain.

  • Provisioned Users: Provisioned users are systematically created and provisioned in Oracle Health Insurance Cloud Services.

How to Provide User Access

Using the setup user (oica_setup) with SETUP_ACCESS_ROLE, the Oracle Health Insurance Cloud Services Administrator assigns access roles to a user as required. For example, to let a user access all APIs, the administrator can either provide ALL_API_ACCESS_ROLE or create fine-grained access roles and provision the user with those roles.

To provision a user with a different access role, follow these steps:

  • Step 1: Create a Confidential Application

  • Step 2: Configure the Authorization Parameters in Postman

  • Step 3: Enable the User Access in the Oracle Health Insurance Application

  • Step 4: Provide Access Role to the User

Step 1: Create a Confidential Application

In this first step, you need to create an IDCS confidential application. It is required to communicate with Oracle Health Insurance Cloud Services REST APIs. For more information, refer to OAuth 2.0 Clients.

While creating a confidential application in IDCS, under the Allowed Grant Types section, select the Resource Owner check box. Also, select the appropriate Scope and, in the Activate Application? dialog box, click Activate Application.

Step 2: Configure the Authorization Parameters in Postman

To provision the user, in Postman, click Authorization, and under the Type select OAuth 2.0. Then configure the right-hand section as described below:

You need the Client ID and Client Secret from the newly created confidential application.

Authorizations

  • Type: OAuth 2.0

  • Token Name: <The name that the user provided.>

  • Grant Type: The grant type used to obtain the token. In Postman, select Password Credentials.

  • Access Token URL: <URL address>

  • Client Id: Client ID generated after registration of the application in the newly created IDCS.

  • Client Secret: Client Secret generated after registration of the application in the newly created IDCS.

  • User Name: oica_setup

  • Password: <oica_setup password>

  • Scope: The Oracle Health Insurance API that needs to be invoked. For example, urn::ohi-components-apis.

Now, click Get New Access Token to generate a new access token.

Step 3: Enable the User Access in Oracle Health Insurance Application

The access role must be Enabled or Created in the application, either through the application UI or using the API.

For more information on how to enable user access, refer to the chapter User Access in the specific Oracle Health Insurance Components documentation.

Step 4: Provide Access Role to the User

Using the above access token, send the following request:

  • HTTP Method: PUT

  • Base URL: https://<environment-host>/<application-deployment-name>/<component-name>/api/users

  • Content-Type: application/json

In order to send the payload in JSON format, under Body, click Text and select JSON.

Request Body Example

{
  "loginName": "<User_Name>",
  "displayName": "<Display_Name>",
  "active": true,
  "userRoleList": ["ALL_API_ACCESS_ROLE", "ALL_IP_ACCESS_ROLE", "ALL_FUNCTIONS_ACCESS_ROLE"]
}

Each role grants different privileges for different features to the same user. Depending on the feature the user is accessing, the user can perform different tasks. For example, the above user is assigned ALL_API_ACCESS_ROLE, ALL_IP_ACCESS_ROLE, and ALL_FUNCTIONS_ACCESS_ROLE, and can therefore access all Oracle Health Insurance APIs, IPs, and functions.

The Oracle Health Insurance Cloud Services Administrator can create fine-grained access roles and provision the user with those roles as per their requirements.
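
The steps above can also be scripted rather than clicked through in Postman. The following is an added example, not Oracle's code: it builds the token request from Step 2 and the PUT from Step 4 with Python's standard library, and lists any catch-all roles in the role list so they can be reviewed before the request is sent. The example.invalid host, the user jdoe, EXAMPLE_FINE_GRAINED_ROLE, and the choice of Basic and Bearer headers (Postman's defaults) are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Catch-all roles named on this page; anything else is treated as fine-grained.
BROAD_ROLES = {"ALL_API_ACCESS_ROLE", "ALL_IP_ACCESS_ROLE", "ALL_FUNCTIONS_ACCESS_ROLE"}


def build_token_request(token_url, client_id, client_secret, username, password, scope):
    """Step 2: OAuth 2.0 password-credentials grant (RFC 6749, section 4.3)."""
    form = urllib.parse.urlencode({
        "grant_type": "password", "username": username,
        "password": password, "scope": scope,
    }).encode()
    # Assumption: client credentials go in an HTTP Basic header (Postman's default).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(token_url, data=form, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def build_provision_request(users_url, access_token, login_name, display_name, roles):
    """Step 4: PUT the user and role list, shaped like the request body example."""
    body = {"loginName": login_name, "displayName": display_name,
            "active": True, "userRoleList": list(roles)}
    # Assumption: the token is sent as a Bearer header (Postman's default).
    return urllib.request.Request(users_url, data=json.dumps(body).encode(), method="PUT", headers={
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    })


def broad_roles(roles):
    """Return the catch-all roles in a role list, for review before the PUT is sent."""
    return sorted(set(roles) & BROAD_ROLES)


if __name__ == "__main__":
    # Constructed values; nothing is sent. urllib.request.urlopen(req) would send it.
    roles = ["ALL_API_ACCESS_ROLE", "EXAMPLE_FINE_GRAINED_ROLE"]  # second name is hypothetical
    req = build_provision_request("https://ohi.example.invalid/app/component/api/users",
                                  "<access-token>", "jdoe", "Jane Doe", roles)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print("catch-all roles to review:", broad_roles(roles))
```

In a real run, read the client secret and the oica_setup password from the environment or a secrets manager rather than hard-coding them in the script.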