Contents
1 An Introduction to HCM Security in the Cloud
- Overview of Securing Oracle HCM Cloud
- Role-Based Security
- Predefined HCM Roles
- Role Types
- Role Inheritance
- Duty Role Components
- Aggregate Privileges
- Guidelines for Configuring Security
- Options for Reviewing Predefined Roles
- Oracle Fusion Applications Security Console
2 Creating Implementation Users
- HCM Implementation Users
- Overview of Creating HCM Implementation Users
- Synchronize User and Role Information
- Import Users and Roles into Applications Security
- Create the TechAdmin Implementation User
- Create the HCMUser Implementation User
3 Creating HCM Data Roles for Implementation Users
- Overview of HCM Data Roles for Implementation Users
- Create the HRAnalyst_ViewAll Data Role
- Create the HCMApplicationAdministrator_ViewAll Data Role
- Create the HRSpecialist_ViewAll Data Role
- Create the HCMIntegrationSpecialist_ViewAll Data Role
- Create HCM Data Roles for Workforce Compensation Implementation Users
- Create HCM Data Roles for Global Payroll Implementation Users
4 Enabling Basic Data Access for Abstract Roles
5 Assigning Roles to Implementation Users
- Create a Role Mapping for HCM Implementation Data Roles
- Assign Abstract and Data Roles to HCMUser
- Verify HCMUser Access
- Reset the Cloud Service Administrator Sign-In Details
6 Setting Up Applications Security
- Overview of Applications Security Setup Tasks
- User-Name Formats
- Password Policy
- Configure a Custom Password Policy
- Role Preferences
- User Categories
- Add Users to a User Category
- User-Name and Password Notifications
- How can I enable notifications for pending workers?
- Why don't I see my user name in the forgot password email notification?
- Why don't I see my user name in the forgot user name email notification?
- Create a Notification Template
- Schedule the Import User and Role Application Security Data Process
- Schedule the Import User Login History Process
- Why You Should Run the Send Pending LDAP Requests Process
- Schedule the Send Pending LDAP Requests Process
- Retrieve Latest LDAP Changes
7 Managing Location-Based Access
- Overview of Location-Based Access
- How Location-Based Access Works
- Enable and Disable Location-Based Access
- Examples of Location-Based Access in Oracle HCM Cloud
- FAQs for Managing Location-Based Access
8 Single Sign-On
- Oracle Applications Cloud as the Single Sign-On (SSO) Service Provider
- Configure Single Sign-On
- FAQs for Single Sign-On
- Does the service provider store user passwords?
- Can I set up an identity provider without enabling it?
- How can I allow my users to sign in using their company's credentials?
- What should I do to extend the validity of certificates provided by the identity provider?
- How can the identity provider obtain renewed certificates from the service provider?
- How can I disable Single Sign-On when I am not signed in to the application?
- What are the different events and notifications associated with the Single Sign-On functionality?
9 API Authentication
- Configure Inbound Authentication
- Configure Outbound API Authentication Using JWT Custom Claims
- Configure Outbound API Authentication Using Three Legged OAuth Authorization Protocol
- Enable OAuth Three-Legged Authentication for Creating External Client Application
- Is there a recommended format for the public certificate?
10 Export and Import of Security Setup Data
- Export and Import of Security Console Data
- Export and Import of HCM Custom Roles and Security Profiles
- Export and Import a Custom Role
11 Preparing for Application Users
- Overview of Preparing for HCM Application Users
- User and Role-Provisioning Setup Options
- User Account Creation Option
- User Account Role Provisioning Option
- User Account Maintenance Option
- User Account Creation for Terminated Workers Option
- Set the User and Role Provisioning Options
- Provision Abstract Roles to Users Automatically
- FAQs for Preparing for Application Users
12 Creating Application Users
- Options for Creating HCM Application Users
- Create Oracle HCM Cloud Users Using the New Person Tasks
- Create Oracle HCM Cloud Users Using the Create User Task
- Enable Validation of Work Email for Users and Roles
- FAQs for Creating Application Users
13 Managing Application Users
- Manage HCM User Accounts
- User Names
- Why You Send Personal Data to Identity Store
- How You Manage an Incomplete Request for an HCM User Account
- Link an Existing User Account to a Person Record
- How User Accounts Are Suspended
- How You Manage Application Users on the Security Console
- Create a Custom Role with Limited Access
- Get User Sign-in Sign-out Information
- Provide Read-Only Access
- FAQs for Managing Application Users
- What happens when I autoprovision roles for a user?
- Why did some roles appear automatically?
- Why is the user losing roles automatically?
- Why can't I see the roles that I want to assign to a user?
- What happens if I deprovision a role from a user?
- What's a delegated role?
- What happens if I revoke user access from a person with multiple active work relationships?
- Why does this worker have no user account?
- What happens when I link a user account?
- What happens if I edit a user name?
- What happens when I copy personal data to Identity Store?
- What happens if I send the user name and password?
- What happens if I reset a user's password?
- How can I notify users of their user names and passwords?
- Can I enable user impersonation?
14 Provisioning Roles to Application Users
- Role Mappings
- Create a Role Mapping
- Examples of Role Mappings
- Role Provisioning and Deprovisioning
- Autoprovisioning
- Guidelines for Editing Role Mappings
- Best Practices for User and Role Provisioning in HCM
- FAQs for Provisioning Roles to Application Users
15 Reporting on Application Users and Roles
- Run the User Details System Extract Report
- User Details System Extract Report Parameters
- User Details System Extract Report
- Person User Information Reports
- User History Report
- View Role Information Using Security Dashboard
- LDAP Request Information Reports
- Inactive Users Report
- User Role Membership Report
- User and Role Access Audit Report
- User Password Changes Audit Report
- View Locked Users and Unlock Users
- FAQs for Reporting on Application Users and Roles
16 HCM Data Roles and Security Profiles
- HCM Data Roles
- HCM Security Profiles
- Predefined HCM Security Profiles
- Create an HCM Data Role
- Best Practices for HCM Data Roles and Security Profiles
- Regenerate Security Profiles
- Role Delegation
- Configure Access to List of Proxy Users in Role Delegation
- How You Enable Delegation for a Role
- Assign Security Profiles to Job and Abstract Roles
- How You Preview HCM Data Security
- Configure HCM Data Roles and Security Profiles for Audit
- HCM Data Roles Configuration Diagnostic Test
- HCM Security Profile Configuration Diagnostic Test
- HCM Securing Objects Metadata Diagnostic Test
- FAQs for HCM Data Roles and Security Profiles
17 Person Security Profiles
- Guidelines for Securing Person Records
- How You Secure Person Records by Area of Responsibility
- Secure Person Records by Area of Responsibility
- Create an HCM Exclusion Rule
- Options for Securing Person Records by Manager Hierarchy
- Manager Type in Person Security Profiles
- Hierarchy Content in Person Security Profiles
- Person Type in Person Security Profiles
- Include Shared People Information in a Person Security Profile
- How You Secure Access to Candidates with Job Offers in Manage Job Offer Task
- Custom Criteria in Person Security Profiles
- Tables and Views in Custom Criteria
- FAQs for Person Security Profiles
- Can users see the contact records of the people they can access?
- What happens if a person has multiple assignments or person types?
- Can I secure access to person records by workforce structures or global name range?
- How can I exclude some records from a person security profile?
- What happens when I select the Access to own record check box?
18 Organization and Other Security Profiles
- How You Secure Organizations
- Guidelines for Securing Organizations
- Examples of Organization Security Profiles
- Guidelines for Securing Positions
- Hierarchy Content in Position Security Profiles
- Examples of Position Security Profiles
- Document Type Security Profiles
- Legislative Data Group Security Profiles
- Transaction Security Profiles
- Payroll Security Profiles
- Flow Security and Flow Owners
- Examples of Flow Pattern Security Profiles
- Talent Pool Security Profiles
- Create a Security Profile for Talent Pools
- FAQs for Organization and Other Security Profiles
- What's the difference between a generic organization hierarchy and a department hierarchy?
- What happens if I select an organization security profile for a generic organization hierarchy?
- What happens if I use the department or position from the user's assignment as the top department or position?
- When do I need a country security profile?
- When do I need a job requisition security profile?
- What happens if I include future objects in a security profile?
- How do I know which 'Organization hierarchy' scope to select for Area of Responsibility?
- Why doesn't 'Organization hierarchy for legal employer' appear as an option under Scope of Responsibility for position security profile?
19 Using the Security Console
- Graphical and Tabular Role Visualizations
- Simulate Navigator Menus
- Review Role Assignments
- Review Role Hierarchies
- Compare Roles
- Compare Users
- Role Information on the Analytics Tab
- Analytics for Data Resources
20 Creating and Editing Job, Abstract, and Duty Roles
- Guidelines for Copying HCM Roles
- Security Console Role-Copy Options
- Guidelines for Copying Abstract Roles
- Copy Job Role and Abstract Role
- Edit Job Role and Abstract Role
- Manage Role Definitions Using CSV File Packages
- Create Job Role and Abstract Role from Scratch
- Copy and Edit Duty Roles
21 Regenerating Roles
- Regenerate Roles
- Run the Regenerate Data Security Grants Process
- Regenerate Data Security Profiles and Grants Job Set
22 Securing Access to Value Sets
23 Securing Content Sections in Person Profiles
24 Securing Access to Succession Plans, Incumbents, and Candidates
- Overview of How to Secure Access to Succession Plans, Incumbents, and Candidates
- Create a Succession Plans Super User Job Role
- Configure Access to Lists of Incumbents and Candidates
- Restrict Line Managers to Only View Succession Plans
- How You Enable Managers to Manage Their Succession Plans
25 Securing Access to Talent Pools
- Overview of Security Profiles for Talent Pools
- Assign Talent Pool Security Profiles to Specific Roles
- Overview of Creating a Talent Pools Super User Job Role
- Create a Talent Pools Super User Job Role
26 Securing Access to Talent Review Meetings
27 Security and the Responsive User Experience
- Privileges and Roles Securing Lists of Values in Responsive User Experience Pages
- Overview of Quick Actions
28 Security and Reporting
- Oracle Fusion Transactional Business Intelligence Security
- Reporting-Data Security
- Business Intelligence Roles
- View Reporting Roles and Permissions
- Business Intelligence Publisher Secured List Views
- Business Intelligence Publisher and PII Data
- Dimension Security
- FAQs for Security and Reporting
29 Roles for Workflow Access
30 Auditing Oracle HCM Cloud Business Objects
- How You Audit Oracle HCM Cloud Business Objects
- Enable Audit for Oracle HCM Cloud Business Objects
- Auditable Oracle HCM Cloud Business Objects
- Enable Audit for Oracle Platform Security Services
- Options for Enabling Access to HCM Audit Data
- Sensitive Data Access Audit
- Auditing Talent Pool Security Profiles
31 Certificate Management
- Overview of Certificates
- Types of Certificates
- Sign a X.509 Certificate
- Import and Export X.509 Certificates
- Import and Export PGP Certificates
- Delete Certificates