1. Administering Oracle Content Management
  2. Configure System Settings
  3. Configure Users Settings

Configure Users Settings

You can configure Oracle Content Management specific user and group settings through the Users page of Oracle Content Management Administration: System.

For information on managing users or groups through your identity service, to perform tasks such as creating users or groups or changing users’ roles, see Manage Users, Groups, and Access.

From the Users page, you can perform the following actions:

You can perform additional on each of the tabs.

Tab Actions
Search Use this tab to search for users and groups.

After finding a user, you can perform the following actions:

After finding a group, you can change settings for the group, including whether the group can be used for sharing, whether they'll be sent notifications. You can also check whether the group is in sync.

Administrators Use this tab to view a list of users with the service administrator role. You can perform the same user actions that are available on the Search tab.
Deprovisioned Users Use this tab to view a list of deprovisioned users and manage their files by transferring file ownership or deleting the content.
Group Sync Use this tab to view and resynchronize groups that are out of sync.

Set the Default Resource Role for New Folder Members

Users in your organization can share folders with other users and assign them a resource role within the shared folder. The following roles are available:

  • Viewer: Viewers can look at files and folders, but can't change things.
  • Downloader: Downloaders can also download files and save them to their own computers.
  • Contributor: Contributors can also modify files, update files, upload new files, and delete files.
  • Manager: Managers have all the privileges of the other roles and can add or remove other people as members.

To change the default resource role:

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Under Members, in the Default role for new members added to folders list, select the resource role users will be assigned by default when added to a folder.

Enable or Disable External Users

You can invite people outside of your organization, external users, to collaborate on objects to which they're given access. After you enable external users with the setting described below, your existing users can invite new external users simply by adding them as members to folders, standard sites, or conversations by entering their email addresses. If there isn't already a user with that email address, Oracle Content Management will automatically provision a new external user.

Enable External Users

To enable external users:

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Under Members, next to Allow members to invite external users to this service, click Enabled. After enabling external users, new settings become available.
  4. If you want to restrict the creation of external users from unwanted domains, enter the domains, separated by commas. Users from these domains can't be added as external users; they must instead be provisioned as internal users. Don't include the @ symbol.
  5. Enter the number of days after which you want external user invitations to expire. If the invitation hasn’t been accepted by the external user after this time, it will be removed from the system and the user will need to be invited again.
  6. If you have a federated identity provider, you can redirect external user invitation requests through your own identity provider. Next to Use External Identity Provider for new user invites, click Enabled, and enter the required information for the associated outgoing webhook:
    1. In the Target URL box, enter the target URL (endpoint) of the application that will receive user invitation notifications.
    2. If the endpoint requires authentication, select the type of authentication, and then click Details to enter the authentication information.

      Oracle Content Management webhooks support the following options to configure authentication for the webhook notification receiver:

      • None: The receiver does not require authentication.
      • Basic: The receiver requires Basic Auth.
      • Header: The receiver requires a Secure Header.
    3. To allow the endpoint to use a self-signed SSL certificate, select Allow endpoint to use Self-Signed SSL certificate. This allows the receiver to accept a self-signed SSL certificate. This is recommended only in testing or development.
    4. To authenticate the call between the external service and Oracle Content Management when event notifications are sent to the webhook endpoint, Oracle Content Management signs the event with a signature. The signature is a security token in hash-based message authentication (HMAC) code, using the standard SHA-256 HMAC cryptography. You can use the HMAC token to verify that the notifications are sent by Oracle Content Management.

      To enable this option:

      1. Select Use Signature Based Security. The receiver will then require the server and client authentication tokens to be equal.
      2. In the Secret box, enter a secret key that consists of alphanumeric characters (lowercase letters a-z, digits 0-9) and is 32 characters.
    5. Click Save.
    6. Set up a service to receive the webhook payload. When an external user invite event is triggered, Oracle Content Management sends a webhook payload similar to the following:
      {
  "webhook": {
    "id": 1010,
    "name": "User Invitation webhook"  
},
  "event": {
    "id": "629314f9-593e-4bf5-bf06-519c1ca9b160",
    "name": "USER_INVITED",
    "registeredAt": "2023-03-14T10:04:41.381Z",
    "initiatedBy": "system"
  },
  "entity": {
    "id": "543c29a25d9bb753c4d2fd5e6326bd8e",
    "message": "Welcome to the the demo application!",
    "invites": [
      {
        "userName": "user1",
        "email": "user1.demo@oracle.com",
        "firstName": "user1",
        "lastName": "demo",
        "title": "Associate",
        "country": "IN",
        "additionalAttributes": {
          "key1": "value1",
          "key2": "value2"
        }
      },
      {
        "userName": "user2",
        "email": "user2.demo@oracle.com",
        "firstName": "user2",
        "lastName": "demo",
        "title": "Associate",
        "country": "IN",
        "additionalAttributes": {
          "key1": "value1"
        }
      }
    ]
  }
}
    7. Create a new user in your identity provider, based on the webhook payload.
    8. Sync the user to IDCS, assigning the user the external user application role (CECExternalUser). Oracle Content Management then syncs the user, completing the external user invitation process.
  7. Click Save to save your changes.

Disable External Users

To disable external users:

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Under Members, next to Allow members to invite external users to this service, click Disabled.
  4. When a user attempts to invite an unregistered user when external users are disabled, they'll see a message saying they can't invite external users. You can leave the default message or create a custom message. To create a custom message, select Custom, and then enter the message you want to display.
  5. Click Save to save your changes.

    Note:

    If you want to test your custom message, you must reload the page after saving your changes.

Search for Users and Groups

On the Search tab, you can search for users and groups by entering part of the user or group name, display name, or email address in the text box, and then clicking Search. Alternatively, you can view a list of all users with the service administrator role on the Administrators tab, or a list of all users that have been deleted on the Deprovisioned Users tab.

Users

On the Search and Administrators tabs, each user entry includes the following:

  • The user's display name
  • Their user name
  • Their email address
  • Their verification status.

    User accounts are verified using one of the following methods:

    • The user was located in an external account database such as an LDAP (Lightweight Directory Access Protocol) directory service directory.
    • An email was sent to the user, the user clicked the link in that email to verify their identity, and then they signed in.

Click the user's display name or the Edit button to view or edit the user's properties. From there, you can see additional information and perform additional actions:

Groups

On the Search tab, each group entry includes the following:

  • The group's name
  • The group type (PUBLIC_OPEN or PRIVATE_CLOSED)
  • The group origin (CEC or IDP), indicating whether the group was created in Oracle Content Management (CEC) or in your identity provider (IDP)

Click the group's name or the Edit button to view or edit the group's properties. From there, you can see additional information and perform additional actions:

  • View the group's name, ID, group type, and origin type.
  • Change settings for the group, including whether the group can be used for sharing, whether they'll be sent notifications. You can also check whether the group information is in sync.

Synchronize User Profile Data

After you add users and assign application roles, you can synchronize those changes with the Oracle Content Management server right away. If you don't synchronize user profile data, it may take up to an hour for the changes to get propagated.

You can replace a user's existing profile information with the information from your identity store:

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Search for the user whose profile data you want to sync, click Edit next to the user’s name, and click Sync Profile Now on the user details page.

Display Conversation Membership Messages for a User

Configure whether to show the user conversation membership messages (when a person is added to a conversation and who added them) by default. A user can change this display setting for any stand-alone conversation.

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. On the Search tab find the user whose default you want to set. Enter part of the user name, display name, or email address in the text box and click Search.
  4. Click Edit next to the user’s name.
  5. Select the Show Conversation Membership Messages by Default check box and click Save.

Override Storage Quota for a User

You can set a default quota for the amount of storage space that a user is allocated. If you need to override the default for a particular user you can do so using the following steps.

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Search for the user whose settings you want to override and click Edit next to the user’s name.
  4. In the User Quota box, enter the quota amount in gigabytes, and then click Save.

    You can see how much storage the user has used next to Storage consumed.

Transfer File Ownership

When people leave your organization or change roles, you might want to assign their files and folders to someone else and add their storage quota back to the total quota you have available for assignments. You can assign a person’s entire library of content to someone else. The content appears as a folder in the new user’s root folder. All of the sharing actions, such as members and public links, remain intact.

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Find the user whose files you want to transfer using one of the following methods:
    • To find an active user, on the Search tab enter part of the user name, display name, or email address in the text box and click Search. Open the user properties by clicking the user name or clicking Edit next to the user.
    • To find a deprovisioned user, click the Deprovisioned Users tab. You see a list of all users who have been removed from your organization's system, sorted by name. This list is refreshed on a regular basis, but you can also update it manually by clicking Sync Profile Data.

    To download a CSV file of all deleted users, click Export Deprovisioned Users.

  4. Click Transfer Ownership. For active users, the button is at the bottom of the properties. For deprovisioned users, click the button next to the user you want.
  5. Enter part of the user name, display name, or email address of the person who will receive the content and click Search.
  6. Select the user you want to transfer the content to. A message shows that the content will increase the recipient's quota by the amount of content being transferred. It also shows you how much storage will be released back into the total quota you have available.
  7. Click Transfer. The content is transferred and the list shows that the deprovisioned account is gone.

Alternatively, for deprovisioned users, you can delete the content. On the Deprovisioned Users tab, next to the user whose content you want to delete, click Delete Content.

Users can also transfer ownership of their own folders.

Override Temporary Quota for a User

By default the maximum upload and sync file size is 2GB (set on the Documents page). To ensure more than one 2GB file can be uploaded simultaneously, the default temp storage quota for users is 5GB. If your maximum file size is set higher, the temp storage quota for users is automatically increased to 2.5 times that amount (for example, if the maximum file size is set to 10GB, the temp storage quota for users is set to 25GB).

This temp storage quota setting should suffice for normal circumstances, but if you need a particular user to have a higher Temp Storage quota, you can override the setting.

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Search for the user whose settings you want to override and click Edit next to the user’s name.
  4. In the Temp Quota box, enter the quota amount in gigabytes, and then click Save.

Revoke Access to Linked Devices

Users can revoke access to one of their linked devices if they change devices or lose one, but there might be cases where you, as an administrator, need to perform this action. When you revoke access to a linked device, the user’s sign-in session is ended. If you or anyone else tries to access Oracle Content Management from the device, the account is signed out and all local content stored on the device for that account is deleted.

Revoking access for the device affects only one account, so if the person has multiple user accounts, you need to revoke access separately for each user account to block all access to Oracle Content Management and delete all local content stored on the device.

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Search for the user whose device access you want to revoke and click Edit next to the user’s name.
  4. Under Linked Devices, click Revoke next to the appropriate device.

Change Settings for Groups

You can change the sharing and notification settings for groups and resynchronize groups.

To change settings for groups:

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Search for the group whose settings you want to change, then click Edit next to the group's name.
  4. If you don't want the group to be used for sharing, so that users can't add the group to an object (such as a document or a site), select Cannot be used for sharing.
  5. If you don't want this group to be sent notifications, select Will not be sent notifications.
  6. To check if the group is in sync, click Check Synchronization Status. A message will show the status.

    If you need to resynchronize the group information, click Synchronize.

View and Resynchronize Groups Out of Sync

If you believe a group in Oracle Content Management is out of sync, you can see a report of the mismatches and manually resynchronize the group. For example, if a user can't access an item to which they should have access through group membership, the group may be out of sync.

To view group sync mismatches:

  1. After you sign in to the Oracle Content Management web application as a service administrator, click System in the Administration area of the navigation menu.

  2. In the System menu, click Users.
  3. Click the Group Sync tab.
  4. Search for the group you think is out of sync, then click Check Synchronization Status.
  5. If the report shows that the group in Oracle Content Management is out of sync, click Synchronize.

    Note:

    Groups that are restricted from sharing and groups that include only site visitors can't be synchronized.