Configure Oracle Fusion Applications and Oracle Identity Cloud Service

Configure the trusting relationship between Oracle Fusion Applications and Oracle Identity Cloud Service. In this relationship, Oracle Fusion Applications is the service provider and Oracle Identity Cloud Service is the identity provider. This configuration will create a user in Oracle Identity Cloud Service when you create an account in Oracle Fusion Applications, and vice versa.

Register the Fusion Application

Register the Fusion application in Oracle Identity Cloud Service.

1. Open the Oracle Identity Cloud Service administration console, select Applications, and then click Add.
2. Click App Catalog.
3. Search for Oracle Oracle Fusion Applications or Oracle Fusion Applications Release 13.
4. Click Add.
5. In the App Details section, enter the Tenant Name and the Domain Name.
6. Deselect the sub apps that you don't need, and then click Next.
7. Enter the Entity ID.
8. Click Upload, then locate and select the PEM certificate.
9. In the Authentication and Authorization section, select the Enforce Grants as Authorization check box.
   When you select this option, Oracle Identity Cloud Service validates the user authorization status for the application.
10. Click Next to enable provisioning and synchronization for Oracle Fusion Applications.

Enable Provisioning for Oracle Fusion Applications

Enable provisioning to manage Oracle Fusion Applications user accounts through Oracle Identity Cloud Service.

1. On the Provisioning page, select Enable Provisioning.
2. Set the following fields to establish a connection with Oracle Fusion Applications through Oracle Identity Cloud Service:
   • Administrator Username: Enter the Oracle Fusion Applications service account user name.
   • Administrator Password: Enter the Oracle Fusion Applications service account password.
   • Host Name: Enter the host name of the server that hosts Oracle Fusion Applications. For example: myhost.oraclecorp.com
   • Port Number: Enter 443. This is the port number where Oracle Fusion Applications listens.
   • SSL Enabled: Select the check box for SSL communication between Oracle Identity Cloud Service and Oracle Fusion Applications.
3. Click Test Connectivity to verify the connection with Oracle Fusion Applications.
   Oracle Identity Cloud Service displays a confirmation message.
4. Click Attribute Mapping, to view the predefined attribute mappings between the user account fields defined in Oracle Fusion Applications and the corresponding fields defined in Oracle Identity Cloud Service. Then click OK to close the dialog.
5. Specify the provisioning operations that you want to enable for Oracle Fusion Applications:

   • Authoritative Sync: Configures Oracle Fusion Applications as an authoritative source of Oracle Identity Cloud Service. In this configuration, when you create or modify users, roles, and user role memberships in Oracle Fusion Applications, these are also updated in Oracle Identity Cloud Service.

   • Create Account: When you give access to Oracle Fusion Applications to a user in Oracle Identity Cloud Service, it automatically creates an account in Oracle Fusion Applications.
   • Update Account: When you update a user account in Oracle Identity Cloud Service, it automatically updates the corresponding account in Oracle Fusion Applications.
   • Deactivate Account: When you activate or deactivate an account in Oracle Identity Cloud Service, it automatically activates or deactivates the corresponding account in Oracle Fusion Applications.
   • Delete Account: When you delete an account in Oracle Identity Cloud Service, it automatically deletes the corresponding account in Oracle Fusion Applications.

   Note:

   By default, authoritative sync is deselected and the other provisioning operations are selected. If you select authoritative sync, the other operations for this application are disabled and you can't perform the provisioning operations using Oracle Identity Cloud Service.

Enable Synchronization for Oracle Fusion Applications

Enable synchronization to manage user accounts in Oracle Fusion Applications through Oracle Identity Cloud Service.

1. On the Provisioning page, select Enable Synchronization.
2. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record retrieved from Fusion application:
   • Primary Email Address: Select this option if the user's email and user name are the same.
   • User Name: Select this option if the user name doesn't match the user email.
3. By default, the name option is selected for the Application Identifier drop-down list. Leave this value.
4. From the When exact match is found drop-down list, select an action to perform when there is a matching Oracle Identity Cloud Service user for a Fusion application account:
   • Link and confirm: Automatically link the matching account to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields.
   • Link but do not confirm: Ask for confirmation before definitively linking the matching account to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields.
5. In the Max. number of creates field, enter a number greater than or equal to 10.
   This value limits the number of accounts to create per synchronization.
6. In the Max. number of deletes field, enter a number greater than or equal to 10.
   This value limits the number of accounts to delete per synchronization.
7. From the Synchronization Schedule drop-down list, select an option to specify a schedule for the synchronization. Available options are: Never, Every Hour, Every Day, or Every Week.
8. Click Finish.
   Oracle Identity Cloud Service displays a confirmation message.
9. 
   

Activate the Fusion Application in Oracle Identity Cloud Service

After you activate the application, you can assign users or groups to Oracle Fusion Applications and trigger the user provisioning process.

1. Click Activate, and then click Activate Application.
   Oracle Identity Cloud Service displays a confirmation message.
2. Provide the Oracle Identity Cloud Service identity provider Metadata.xml file to the Fusion Apps Support team so that they can import or create an identity provider connector on the Oracle Fusion Applications side.