Preparing Oracle ERP Cloud
Before registering your Oracle ERP Cloud application instance with Oracle CASB Cloud Service, you need to create a dedicated administrative user within Oracle ERP Cloud and ensure that Oracle ERP Cloud auditing is enabled.
Creating a Dedicated Oracle CASB Cloud Service User in Oracle ERP Cloud
Create a dedicated user account for Oracle CASB Cloud Service in the Oracle ERP Cloud account that you want to monitor.
The user cannot use multifactor or federated authentication (for example, through a single sign-on service). You will use the login credentials for this user to allow Oracle CASB Cloud Service to connect to Oracle ERP Cloud and retrieve system events.
Note:
If you have already created a dedicated Oracle CASB Cloud Service administrative user account for another application within Oracle Applications Cloud, it is not necessary to create another user now.
- You can use that existing user for all Oracle Applications Cloud services to communicate with Oracle CASB Cloud Service.
- Or you can create a new user for individual Oracle Applications Cloud services, if you prefer.
Enabling Business Object Auditing for Oracle ERP Cloud
Configure auditing on business objects.
This task is necessary to enable business object auditing, so that you can customize the list of business objects that you want Oracle CASB Cloud Service to monitor for each Fusion Application instance that you register.
Note:
You must perform this task for each Fusion Application instance that you register. If you do not perform this task for a Fusion Application instance, Oracle CASB Cloud Service can't monitor business objects for that instance.
Enabling Role Auditing for Oracle ERP Cloud
Set the security level for Oracle Platform Security Services (OPSS) auditing to capture all of the security events for the role changes that you want Oracle CASB Cloud Service to audit.
The default OPSS audit level for Oracle Fusion Applications is “none” — you must change this setting to Low - Critical Events Only, in order to fully enable role auditing.
Note:
You only need to set the OPSS audit level once, to support role auditing for all the application instances from the same Fusion Applications POD that are registered in the same Oracle CASB Cloud Service tenant.
- Log in to the Oracle Fusion Applications console.
- In the Oracle Fusion Applications console home page:
  - Open the Navigator.
  - Scroll down.
  - Click Setup and Maintenance in the lower-right corner.
- On the Setup: Compensation Management page:
  - In the Search Tasks box, enter manage audit policies.
  - Click the Search icon.
  - In the search results, select Manage Audit Policies.
- On the Manage Audit Policies page:
  - At the right end of the Oracle Platform Security Services row, set Audit Level to Low - Critical Events Only.
  - Click Save and Close.
Enabling Association of Oracle CASB Cloud Service with Oracle Access Manager (OAM) for ERP Cloud
If you want to enable OAM association with Oracle CASB Cloud Service, submit an Oracle Service Request.
This task is necessary to ensure that auditing is enabled for login and logout events for Fusion Application instances that Oracle ERP Cloud monitors.
Note:
You only need to enable OAM association once for the same Fusion Applications POD in the same Oracle CASB Cloud Service tenant. The OAM association option is then available to all instances of Oracle Fusion Applications (such as Oracle ERP Cloud, Oracle HCM Cloud, or Oracle Sales Cloud) in that Fusion Applications POD on that Oracle CASB Cloud Service tenant.
Enabling OAM association with Oracle CASB Cloud Service is a two-step process:
- First, you must submit an Oracle Service Request, as described in the next section below.
- After that request is fulfilled, you must enable OAM once for a Fusion Application in Oracle CASB Cloud Service.
  You can do this when you register your Oracle ERP Cloud instance (see Adding an Oracle ERP Cloud Instance), or after registration (see Updating the Credentials for an Oracle ERP Cloud Instance).
Submitting an Oracle Support Service Request to enable OAM
Note:
In order to associate with OAM, you must be using Oracle Access Manager version R13 18.02 and you must request that your Oracle CASB Cloud Service tenant be enabled. To enable association with Oracle Access Manager, contact Oracle Support (http://support.oracle.com). If you have not registered yet, you will need your Customer Support Identifier (CSI) in order to register to submit service request tickets. As an alternative, you can also contact your Oracle CASB Customer Success Manager.
Whitelisting Oracle CASB Cloud Service if Oracle ERP Cloud Fusion POD is Whitelisted
If Oracle ERP Cloud Fusion POD is whitelisted, you must whitelist some IP addresses for Oracle CASB Cloud Service.
Note:
You must perform this task for each Fusion Application instance that you register, if the Fusion Application POD is whitelisted. If you do not perform this task for a Fusion Application instance, Oracle CASB Cloud Service can't monitor that instance.
- Browse to the Oracle Knowledge Base article, How To Integrate Oracle Fusion Cloud With Oracle CASB.
- Scroll down to the section titled, Deployment Considerations If Fusion POD is whitelisted.
- Whitelist the IP address listed there for the URL where your Oracle CASB Cloud Service tenant is hosted.