Monday, 9 December 2024

Oracle - OCI - Exadata Database

Exadata Database (in OCI, Exadata Database Service on Dedicated Infrastructure) is a scalable, single-tenant database platform: the hardware is dedicated to one customer and isolated from other tenants. It can run all Oracle database workloads, including OLTP (Online Transaction Processing), DW (Data Warehousing), DR (Disaster Recovery), and In-Memory analytics.

The physical infrastructure consists of storage cells (storage servers), database compute nodes, and the internal fabric switches (InfiniBand on older generations, RoCE on current ones).

Exadata Servers offer the following features:

  • Automatic self-service quarterly patching.
  • Automatic scaling of resources.
  • Automatic backups in encrypted format.

Additionally, it includes:

  • RAC (Real Application Cluster) for failover.
  • ASM (Automatic Storage Management) for mirroring disks and storage servers.
  • RMAN (Recovery Manager) for backups and restoration.
  • Flashback technologies (Flashback Database, Flashback Table, Flashback Query) for rolling back user errors at the database, table or row level.
  • Data Guard for failover to secondary Exadata Servers.
  • Smart Scan to push SQL predicate filtering and column projection down to the storage cells, so only matching rows and columns (not whole blocks) travel to the compute nodes.
  • Storage Index: in-memory min/max summaries per storage region that let a cell skip regions that cannot contain rows matching a predicate.
  • IORM (I/O Resource Manager) to manage I/O operations.
  • Smart Flash Logging to reduce logging latency for OLTP and high-volume transactions, utilizing Flash Memory and high-speed RAM.
  • Exadata provides dedicated hardware, and users can monitor resources using the Oracle Management Cloud or Enterprise Manager (EM) console.

Wednesday, 6 November 2024

ERP - GL - Chart Of Accounts

Segments in General Ledger

 Segments are dimensions used to represent an account in a financial system. A company can have anywhere from 3 to 30 segments, with each segment representing a specific type of account.

  1. First Segment: This can represent a company (legal entity). For example, a group may own multiple companies, such as Tata Consultancy, Tata Motors, and Tata Power.
  2. Second Segment: This represents a business unit or department within the company. Examples include Sales, Administration, Finance, and Procurement.
  3. Third Segment: This segment indicates account types. Examples include Cash, Revenue, Payables, Intercompany Payables, Note Revenue, Unrecognized Revenue, Expenses, and Accruals.

Each of these segments will have predefined values. For instance:

  • Segment 1: 1001, 1002, 1003
  • Segment 2: 2001, 2002, 2003
  • Segment 3: 3001, 3002, 3003

 

The account combination is formed by combining these segments, such as:

  • 1001-2003-3001
  • 1002-2001-3002

 

Managing Chart of Accounts

Manage Chart of Accounts Value Sets: This task creates a value set for each segment. You define attributes such as name, length, and type, and then add the permitted values to each value set.

Manage Chart of Accounts Structure: To set this up, select “Manage Structure,” provide a name, code, and delimiter (e.g., “-”). Then, add the structure by specifying the segment names, corresponding value sets, and labels using the available options.

  • Company: Primary Balancing Segment
  • Department: Cost Centre Segment
  • Account: Natural Account Segment

Other Available Segment Labels

  1. Intercompany Segment
  2. Local Use Segment
  3. Management Segment
  4. Primary Balancing Segment
  5. Secondary Balancing Segment
  6. Third Balancing Segment

Finally, create an instance of this structure and deploy it for use. You can use the “Manage Chart of Account Structure” task to create and deploy the instance.
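The structure above (segments, value sets, delimiter and segment labels) can be modelled and validated in code. The following is an added example, not Oracle Fusion code or an Oracle API: it checks an account combination string against the value sets of a three-segment chart of accounts and returns the value of the primary balancing segment. The segment names, values and delimiter are constructed to mirror the examples in this post.

```python
"""Validate a General Ledger account combination against a chart of accounts
structure.  Added example; not Oracle code.  The segment labels, value sets and
delimiter below are a constructed sample modelled on the post."""

from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Segment:
    name: str
    label: str                                   # e.g. "Primary Balancing Segment"
    values: set[str] = field(default_factory=set)  # allowed value-set values
    length: int = 4                              # value-set length attribute


@dataclass
class ChartOfAccounts:
    delimiter: str
    segments: list[Segment]

    def validate(self, combination: str) -> tuple[bool, list[str]]:
        """Return (ok, errors) for a combination such as '1001-2003-3001'."""
        errors: list[str] = []
        parts = combination.split(self.delimiter)
        if len(parts) != len(self.segments):
            return False, [f"expected {len(self.segments)} segments, got {len(parts)}"]
        for seg, value in zip(self.segments, parts):
            if len(value) != seg.length:
                errors.append(f"{seg.name}: '{value}' is not {seg.length} characters")
            elif value not in seg.values:
                errors.append(f"{seg.name}: '{value}' is not in value set")
        return not errors, errors

    def segment_with_label(self, label: str) -> Segment:
        """Look up a segment by its structure label."""
        for seg in self.segments:
            if seg.label == label:
                return seg
        raise KeyError(label)


# Constructed sample mirroring the post's three-segment structure.
COA = ChartOfAccounts(
    delimiter="-",
    segments=[
        Segment("Company", "Primary Balancing Segment", {"1001", "1002", "1003"}),
        Segment("Department", "Cost Centre Segment", {"2001", "2002", "2003"}),
        Segment("Account", "Natural Account Segment", {"3001", "3002", "3003"}),
    ],
)


def balancing_value(combination: str) -> str:
    """Value of the primary balancing segment (the company) in a combination;
    journals must balance per distinct value of this segment."""
    idx = COA.segments.index(COA.segment_with_label("Primary Balancing Segment"))
    return combination.split(COA.delimiter)[idx]


if __name__ == "__main__":
    for combo in ("1001-2003-3001", "1002-2001-3002", "1004-2001-3002", "1001-2001"):
        print(combo, COA.validate(combo))
```

The validator rejects a combination with the wrong number of segments before looking at values, and reports every bad segment rather than stopping at the first, which is what an interface that loads journals in bulk needs.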

 


Thursday, 31 October 2024

Microsoft Azure Fundamentals - AZ -900

Basic Terminologies: 

Cloud Computing: The delivery of computing services over the internet, with flexible resources on a pay-as-you-go basis.

Types of Cloud :  Public Cloud, Private Cloud and Hybrid Cloud.

HA - High Availability - The ability of a system to remain operational for users during planned or unplanned outages. It is usually measured as a percentage of total uptime (for example 99.9%).

 

Scalability - Ability of the system to scale up or down by adding resources based on the demand.

Vertical Scaling - Scaling up or scaling down by adding or removing resources such as CPU and memory on an existing server.

Horizontal Scaling - Scaling out and scaling in by adding or removing servers.

 

Elasticity - The ability of the system to scale up/down quickly and automatically based on demand. This is also called autoscaling and is driven by resource-monitoring alerts.

Reliability - The ability of the system to recover from failures, achieved through autoscaling, multi-region deployment, data backups and replication.

 Predictability - Ability of the system to forecast and control the performance and behavior of the system.

Governance - The process of defining, implementing and monitoring the policies set at the organisation level for cloud operations. It includes basic auditing and reporting and compliance with industry standards such as HIPAA, PCI DSS or GDPR.

HIPAA - Health Insurance Portability and Accountability Act. US Law.

PHI - Protected Health Information.

GDPR - General Data Protection Regulation - EU Law.


Azure Concepts and Services

Regions

  • Geographical areas where Azure datacentres are located.

Region Pairs

  • Two regions in the same geography paired for disaster recovery; platform updates are rolled out to one region of the pair at a time, and geo-redundant storage (GRS) replicates to the paired region.

Sovereign Regions

  • Isolated Azure instances for specific governments or jurisdictions (for example Azure Government, Azure China) that require eligibility approval before a subscription can be created or joined.

Public Clouds

  • Also known as Azure Commercial.

Availability Zones

  • Physical datacentre locations within a region, with up to three availability zones interconnected by a low-latency network.

Types of Availability Zone (AZ) Services

  1. Zonal Services: Pinned to a specific AZ chosen at deployment, like virtual machines or managed disks.
  2. Zone-Redundant Services: Replicated automatically across zones, such as zone-redundant load balancers and SQL databases, with replicas for failover.
  3. Non-Regional (Always Available) Services: Global services not tied to a single region, like Microsoft Entra ID or Azure Front Door.

Resources, Resource Groups, and Subscriptions

  • Resources: Individual instances of Azure services (a VM, a storage account, a VNet).
  • Resource Groups: Collections of related resources, for example all DEV resources, that are managed and deleted together. Access permissions (RBAC) can be assigned at the resource group level.
  • Subscriptions: Billing and access boundaries for resources; a company can have multiple subscriptions, e.g., one per department.
  • Management Groups: Optional hierarchy above subscriptions for applying policies and RBAC to many subscriptions at once.

 

Core Azure Services

  1. Compute Services
  2. Network Services
  3. Storage Services
  4. Database Services

Compute Services

  • Virtual Machines (VMs)
  • VM Scale Sets: The Azure equivalent of auto-scaling groups.
  • App Services / Web Apps
  • Azure Container Instances (ACI): Single container instances for running container images.
  • Azure Container Apps: Serverless container hosting with built-in ingress, scaling and revisions, without managing a Kubernetes cluster.
  • Azure Kubernetes Service (AKS): Container orchestration service.
  • Azure Virtual Desktop (AVD): Virtualized desktops accessible from mobile and web browsers.

Virtual Machine Scale Sets

  • Auto-scaling groups for horizontal scaling, changing the VM count based on demand.
  • Can be fronted by a load balancer to distribute load across the VMs.
  • A single scale set supports up to 1,000 VMs.

Availability Sets

  • Comparable to fault domains in OCI.
  • Spread instances across separate fault domains (racks with independent power and network) so a single hardware failure does not take down all of them.
  • Separate update domains ensure platform patches are applied in batches, so not all instances reboot at once.

Proximity Groups

  • Proximity placement groups: Place VMs physically close together within a datacentre to reduce network latency.

App Services / Web Apps

  • PaaS services provided by Azure, with no access to hardware.

 

Windows VM - Installing New Software

  • Use Server Manager to install new software.
  • Use Add Roles and Features to add new software.
  • Adding the Web Service IIS server role allows for adding a web server.

Vertical Scaling

  • Requires a VM restart.

Web Apps

  • App names must be globally unique, since they become the <name>.azurewebsites.net hostname.
  • Select runtime stack (Java/.NET/PHP/Python/Node) during creation.
  • Choose the operating system (Windows or Linux) and the App Service pricing plan.
  • Configure databases and GitHub during provisioning.

Azure Functions

  • Create a Function App (the hosting unit) for a supported runtime, then add functions inside it.
  • Inside each function, write the code that performs the task.
  • Choose the trigger (HTTP request, timer schedule, or an event such as a queue message or blob).
  • Azure provides sample code that can be updated as needed.
  • An HTTP-triggered function gets a default URL to invoke it; its authorization level (anonymous, function key or admin key) determines who can call it, so do not leave production endpoints anonymous.

Container Instances / Container Apps

  • Pull images from Azure Container Registry (ACR) or an external registry.

 

Azure Networking

Virtual Network (VNets)

  • Assigned with IPv4 or IPv6 network addresses.
  • These IPs are private and cannot be accessed from the internet.
  • Each VNet is subdivided into subnets, each with an address range that is a subset of the VNet's address space.
  • VMs attach to a subnet through a network interface (NIC). A VM can have more than one NIC and so connect to multiple subnets.
  • VMs can be assigned a public IP address to be accessed from the internet.

Network Security Group (NSG)

  • Acts like a stateful virtual firewall attached to a subnet or a NIC. All traffic passes through the NSG rules.
  • The default rules allow traffic within the VNet and from the Azure load balancer, allow all outbound traffic, and deny all other inbound traffic. Anything arriving from the internet therefore needs an explicit ALLOW rule.
  • Rules are evaluated in priority order (lowest number first); the first matching rule decides and later rules are not checked, so a broad allow with a low priority number silently shadows a more specific deny.
  • The rules form an access control list (ACL) applied separately to inbound and outbound flows.
  • NSG rules are based on the following five tuples:
    • Source IP
    • Source Port
    • Destination IP
    • Destination Port
    • Protocol
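The evaluation order matters more than the tuple matching itself. The following is an added example, not Azure code: it simulates how an NSG decides a flow by sorting rules by priority, matching the five-tuple, and falling through to the built-in default inbound rules. The rule names, addresses and the service-tag address sets are constructed (the real VirtualNetwork and Internet tags are larger and computed by the platform); the default rule names and priorities are the documented ones.

```python
"""Simulate Azure NSG inbound evaluation.  Added example, not Azure code.
Models the documented behaviour: rules match on the five-tuple, lowest priority
number first, first match wins, and the default rules AllowVnetInBound (65000),
AllowAzureLoadBalancerInBound (65001) and DenyAllInBound (65500) sit at the end.
Service tags are modelled here as constructed address sets."""

from __future__ import annotations
from dataclasses import dataclass
import ipaddress

SERVICE_TAGS = {                          # constructed; real tags are platform-computed
    "VirtualNetwork": ["10.0.0.0/16"],
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "Internet": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str                         # "Tcp", "Udp" or "Icmp"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                         # 100-4096 for custom rules; lower wins
    access: str                           # "Allow" or "Deny"
    src: str = "*"                        # CIDR, service tag or "*"
    src_port: str = "*"                   # "*", "443" or a range "1024-65535"
    dst: str = "*"
    dst_port: str = "*"
    protocol: str = "*"


def _ip_match(pattern: str, ip: str) -> bool:
    if pattern == "*":
        return True
    cidrs = SERVICE_TAGS.get(pattern, [pattern])
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def _port_match(pattern: str, port: int) -> bool:
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _matches(rule: Rule, flow: Flow) -> bool:
    return ((rule.protocol == "*" or rule.protocol == flow.protocol)
            and _ip_match(rule.src, flow.src_ip)
            and _port_match(rule.src_port, flow.src_port)
            and _ip_match(rule.dst, flow.dst_ip)
            and _port_match(rule.dst_port, flow.dst_port))


DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", src="VirtualNetwork", dst="VirtualNetwork"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", src="AzureLoadBalancer"),
    Rule("DenyAllInBound", 65500, "Deny"),
]


def evaluate(rules: list[Rule], flow: Flow) -> tuple[str, str]:
    """Return (access, rule_name) of the first matching rule in priority order."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if _matches(rule, flow):
            return rule.access, rule.name
    raise AssertionError("DenyAllInBound matches everything")


# Constructed rule set showing a common mistake: an allow-any rule with a lower
# priority number than the deny that was meant to block RDP from the internet.
CUSTOM = [
    Rule("AllowHttpsFromInternet", 100, "Allow", src="Internet", dst_port="443", protocol="Tcp"),
    Rule("DenyRdpFromInternet", 200, "Deny", src="Internet", dst_port="3389", protocol="Tcp"),
    Rule("AllowAnyTcp", 150, "Allow", protocol="Tcp"),     # shadows the RDP deny
]

if __name__ == "__main__":
    rdp = Flow("203.0.113.7", 51000, "10.0.1.4", 3389, "Tcp")
    print(evaluate(CUSTOM, rdp))            # the shadowing allow wins
    print(evaluate(CUSTOM[:2], rdp))        # without it the deny applies
```

Run with the full rule set, RDP from the internet is allowed by `AllowAnyTcp` at priority 150 even though a deny exists at 200; drop that rule and the deny takes effect, while intra-VNet traffic still falls through to `AllowVnetInBound`.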

Peering

  • Allows two VMs on different VNets to communicate.
  • Enables connection between subnets on different VNets.

Azure DNS (Domain Name System)

  • Azure DNS hosts public DNS zones for your domains.
  • Azure Private DNS zones resolve private hostnames within the VNets linked to them and are not reachable from the internet.

VPN (Virtual Private Network)

  • Encrypts traffic between two points.
  • A VPN device (hardware appliance or software gateway) must exist on the on-premises network to terminate the tunnel.
  • Azure provides a VPN Gateway, deployed into the Azure VNet, to terminate the other end of the connection.
  • The VPN Gateway must be deployed in a dedicated subnet named GatewaySubnet.
  • A client-to-network connection (a laptop into the Azure VNet) is a Point-to-Site (P2S) VPN connection.
  • A network-to-network connection (on-premises to cloud) is a Site-to-Site (S2S) VPN connection.

ExpressRoute

  • Provides a dedicated private circuit into Azure that does not traverse the public internet.
  • Offers low, predictable latency and higher bandwidth than a VPN.
  • The circuit is provisioned through a connectivity provider (an ExpressRoute partner), not an ordinary ISP internet link.
  • The connection is private but not encrypted by default; add IPsec (or MACsec on ExpressRoute Direct) if encryption is required.

 

Azure Storage:

  • Container Storage (Blob Storage): Used to store objects.
  • File Storage
  • Queue Storage
  • Table Storage
  • Disk Storage: Used for VM disks; the types are Standard HDD, Standard SSD, Premium SSD, Premium SSD v2 and Ultra Disk.

General Purpose (GP) Storage:

  • Data Lake Storage Gen2: Blob storage with a hierarchical namespace, used for high-volume, large-file analytics data.

Container Storage:

  • Stores unstructured data/files.
  • Can be public or private.
  • It’s a regional service and can be created in any region.
  • Provides redundancy services, storing files in multiple zones or fault domains.
  • Offers global redundancy, storing files across multiple regions.
  • Data is stored in four access tiers:
    • HOT: Frequently accessed; highest storage cost, lowest access cost.
    • COOL: Infrequent access; cheaper storage, higher retrieval cost; 30-day minimum retention.
    • COLD: Rarely accessed; cheaper still; 90-day minimum retention.
    • ARCHIVE: Cheapest storage for data archival; offline, so blobs must be rehydrated before they can be read; 180-day minimum retention.

Creating a Storage Account:

  • Generates a unique URL to access files.
  • Options include:
    • LRS: Locally redundant storage (three copies within one datacentre)
    • ZRS: Zone-redundant storage (copies across availability zones in the region)
    • GRS: Geo-redundant storage (LRS plus an asynchronous copy in the paired region)
    • GZRS: Geo-zone-redundant storage (ZRS plus a copy in the paired region)
  • Enable versioning.
  • Enable event notifications to track changes.
  • Make files immutable.
  • Data is encrypted at rest by default with Microsoft-managed keys; customer-managed keys held in Azure Key Vault can be used instead.

Inside a Storage Account:

  • Create specific storage types such as Container, File, Queue, or Table.
  • Generate a Shared Access Signature (SAS) at the account, container or blob level to grant access to files. A SAS is a bearer credential: anyone holding the URL gets the permissions encoded in it until it expires, so scope it to the smallest resource, grant only the permissions needed, keep the expiry short, and prefer a user delegation SAS (signed with Entra ID credentials) over one signed with the storage account key.
  • Create lifecycle management rules to move files between tiers.
  • Use Azure Storage Explorer desktop app to access files.
  • Use AzCopy to copy files between containers on different subscriptions or within the same subscription:
    • azcopy copy 'Source SAS URL' 'Destination SAS URL'
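Because a SAS URL is a credential, it is worth inspecting one before it is shared or pasted into an azcopy command. The following is an added example, not Azure SDK code: it parses the documented SAS query parameters (sv, sr/ss/srt, sp, st, se, spr, sip, sig) from a URL and reports the things a reviewer would object to (mutating permissions, wide scope, long or past expiry, HTTP allowed, no IP restriction). The two sample URLs and their `sig` values are constructed placeholders, not valid signatures, and the one-hour maximum lifetime is an assumed policy.

```python
"""SAS URL hygiene check.  Added example, not Azure SDK code.  Parameter names
follow the documented SAS query string; the sample URLs below are constructed
and their signatures are placeholders."""

from __future__ import annotations
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Permission letters that let the holder change or remove data
# (write, delete, add, create, delete-version, permanent-delete, move, immutability).
MUTATING = set("wdacxymi")


def _parse_time(value: str) -> datetime:
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_sas(url: str, now: str | None = None, max_ttl_hours: float = 1.0) -> list[str]:
    """Return findings for a SAS URL; an empty list means it looks tight.
    `now` is an ISO-8601 timestamp (defaults to the current UTC time)."""
    now_dt = _parse_time(now) if now else datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if not {"sig", "sp", "se"} <= q.keys():
        return ["not a SAS URL: sig, sp or se missing"]
    findings: list[str] = []

    # Scope: an account SAS (ss/srt) spans whole services; a service SAS names one resource.
    if "srt" in q:
        if {"s", "c", "o"} <= set(q["srt"]):
            findings.append("account SAS spans service, container and object scopes")
    elif q.get("sr") == "c":
        findings.append("container-scoped SAS; prefer a blob-scoped one for a single object")

    granted = set(q["sp"]) & MUTATING
    if granted:
        findings.append(f"grants mutating permissions: {''.join(sorted(granted))}")

    expiry = _parse_time(q["se"])
    if expiry <= now_dt:
        findings.append("already expired")
    elif expiry - now_dt > timedelta(hours=max_ttl_hours):
        findings.append(f"expires {expiry.isoformat()}, more than {max_ttl_hours}h away")

    if q.get("spr", "https,http") != "https":   # documented default permits both
        findings.append("not restricted to HTTPS (spr should be 'https')")
    if "sip" not in q:
        findings.append("no source IP restriction (sip)")
    return findings


# Constructed samples; signatures are placeholders.
LOOSE_SAS = ("https://examplestore.blob.core.windows.net/reports/q3.pdf"
             "?sv=2022-11-02&sr=c&sp=rwdl&st=2024-10-01T00:00:00Z"
             "&se=2025-10-01T00:00:00Z&sig=PLACEHOLDER")
TIGHT_SAS = ("https://examplestore.blob.core.windows.net/reports/q3.pdf"
             "?sv=2022-11-02&sr=b&sp=r&se=2024-11-01T00:30:00Z&spr=https"
             "&sip=203.0.113.0-203.0.113.255&sig=PLACEHOLDER")

if __name__ == "__main__":
    for f in check_sas(LOOSE_SAS, now="2024-11-01T00:00:00Z"):
        print("-", f)
    print("tight:", check_sas(TIGHT_SAS, now="2024-11-01T00:00:00Z"))
```

The check deliberately does not try to verify `sig`: only the holder of the account key (or the user delegation key) can do that, and a signature that verifies says nothing about whether the grant is appropriate.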

Azure File Storage:

  • Follows a hierarchical structure.
  • Can be mounted to VM machines and added as a drive.
  • Supports SMB (Server Message Block) and NFS (Network File System) protocols:
    • SMB: Windows, Linux and macOS.
    • NFS: Linux (premium file shares).
  • Azure File Sync: Keeps an Azure file share and on-premises Windows Server shares in sync, with cloud tiering so rarely used files live only in the cloud while frequently used files stay cached on the local server.

Azure Migrate:

  • Tool to perform assessment and migrate servers. It discovers, assesses, and migrates servers.

Azure Data Box:

  • Comes in three flavors: Data Box, Data Box Disk, and Data Box Heavy, to move files from on-premises to the cloud.

 IAM - Identity and Access Management:

  • A person, application, or device can have an identity. Devices can include printers, etc.
  • Azure Active Directory (Azure AD) is now called Microsoft Entra ID.
  • Active Directory runs on a server and handles many identities.
  • Entra ID is not a drop-in replacement for on-premises Active Directory; it is a cloud identity service, and the two are typically synchronised with Microsoft Entra Connect.
  • Active Directory uses LDAP and Kerberos protocols for communication.
  • Entra ID uses web protocols: SAML, OAuth 2.0 and OpenID Connect.
  • Can integrate Entra with Azure cloud services.
  • Supports SSO and federation, including social identity providers.
  • Entra ID - Conditional Access: A paid feature (Entra ID P1; risk-based signals require P2) that evaluates each sign-in against signals such as location, new IP address, device state and sign-in risk and, based on that assessment, requires MFA or blocks access to ensure the right user is accessing the application.

MFA - Multi-Factor Authentication: A free service that includes:

  • Something we know - Password
  • Something we have - Token/Phone/Apps
  • Something we are - Biometric

RBAC - Role-Based Access Control:

  • Azure RBAC custom roles can be created without an Entra premium licence; custom Entra ID directory roles are a separate feature that requires Entra ID P1.
  • Pre-built roles can be used for access control.
  • Start with least privilege and extend access as needed.
  • Three basic roles:
    • Reader: View resources only.
    • Contributor: Full management access, but cannot grant access to others (no role assignments).
    • Owner: Full access, including assigning roles to others.

Zero Trust Policy Model:

  • Verify every access attempt explicitly.
  • Use least privilege.
  • JIT - Just-In-Time Access: Elevate access for a specific short period and then revert it.
  • JEA - Just-Enough-Access: Grant only the permissions the task needs, and no more.

Microsoft Defender:

  • Microsoft Defender for Cloud: the foundational posture management (recommendations, secure score) is free; the workload protection plans (servers, storage, SQL, containers, etc.) are paid.
  • Checks security configuration against benchmarks and detects threats at runtime.

 

Azure Management and Governance

Factors Affecting Costs:

  • Time: Compute is metered by running time; a VM that is stopped but not deallocated still incurs compute charges.
  • Consumption of Storage, Compute, and Bandwidth: Functions are charged based on consumption.
  • Service Tiers: Basic, Standard, Premium (e.g., Entra ID).
  • Computing Power: CPU/RAM.
  • Software Licenses.
  • Egress Bandwidth Charges.
  • Ingress Bandwidth: Free.

Tools and Concepts:

  • Azure Pricing Calculator: Calculate usage charges upfront.
  • TCO (Total Cost of Ownership): Helps determine the cost incurred for owning and using Azure services.
  • Cost Management: Analyze costs, perform budgeting, create cost reports, etc.
  • Automated Tags: Policies can be created to add automated tags.

Governance and Compliance:

  • Implementation: Security, legal governance, etc., set at the company level.
  • Sample Rules:
    • All servers must run on the latest supported Microsoft versions.
    • All servers must be backed up every 24 hours.
    • All firewalls must block requests other than those on port 443 from external IPs.
  • Policy Management:
    • Deploy resources using ARM templates.
    • Use prebuilt or custom JSON policies to manage rules.
    • Demo:
      • Azure Portal -> Search for Policy.
      • Definitions -> Search for Policy.
      • Select the specific policy to apply.
      • Select Assign.
      • Select the Scope (Subscription).
      • Select the Resource Group to apply the policy.
  • Resource Locks: Prevent deletion or changes.
    • ReadOnly lock: prevents changes.
    • CanNotDelete lock: prevents deletion but allows changes.
  • Microsoft Purview: Data governance rules.

CLI Commands:

  • Azure CLI commands start with az, for example az vm list or az group create.
  • Azure PowerShell uses the Az module with Verb-AzNoun cmdlets, for example Get-AzVM, and can be run from Cloud Shell or a local PowerShell session.

Azure Arc:

  • Management: Manage VMs, containers, and physical servers outside Azure.
  • Compatibility: Supports on-premises or other cloud providers.
  • Data Services: Supported.
  • Kubernetes Cluster Management.
  • VM Extensions: Required for server management.

IaC (Infrastructure as Code):

  • Tools:
    • ARM Templates (JSON files).
    • Terraform.
    • Bicep.
    • Chef, Puppet.
    • PowerShell scripts.
  • ARM (Azure Resource Manager):
    • Management layer for all commands, API calls, and portal actions.
    • Authenticates commands/actions and passes them to create/modify resources.

 

Monitoring Tools:

  • Azure Advisor:
    • Dashboard displays status and recommendations.
    • Categories: Cost, Security, Reliability, Operational Excellence, Performance.
  • Azure Service Health:
    • Monitor the status of the Azure services and regions you use.
    • Create alert rules for unplanned outages and planned maintenance.
    • Provides historical status and health advisories.
  • Azure Monitor:
    • Centralized monitoring tool.
    • Collects logs and metrics across subscriptions.
    • Enable insights at the service level to capture logs and display on the monitor dashboard.
    • Query logs using Kusto Query Language (KQL).
    • Use metrics to monitor graphs.


 


Monday, 28 October 2024

ERP - RTV/RTR - Return To Vendor or Receiving

 

Returns Processing

Return processing differs depending on whether you are returning items to the supplier or receiving:

Supplier: When you return items to the supplier, Oracle Receiving creates both a Return to Receiving and a Return to Supplier transaction.

Receiving also reopens the associated purchase order for the return quantity by reducing the original receipt quantity.

Receiving: When you return items to receiving, you can optionally select the subinventory and locator. If you do not select them, the application uses the default receiving subinventory and locator for the warehouse.


Background

Imagine you have raised a Purchase Order (PO) for an item and sent it to the supplier for fulfillment. When the supplier sends the item, the following tasks will be performed as part of the PO receipt (rcv_shipment_lines) process:

  • Receive the Goods (RECEIVE)
  • Inspect the Goods (INSPECT)
  • Store the Goods in Sub Inventory (DELIVER)

This entire process will result in three entries being created in the table - RCV_TRANSACTIONS.


Use the following APIs to create the RTV transactions.

POST https://oraclecloud.com/fscmRestApi/resources/latest/receivingReceiptTransactionRequests 

VendorName=SUPPLIER_NAME
DestinationTypeCode=RECEIVING  -->  Create RTV Transaction for RTR
DocumentLineNumber=POLineNumber
DocumentNumber=PONumber
ReceiptSourceCode=VENDOR
SourceDocumentCode=PO
TransactionType=RETURN TO VENDOR
InsertAndProcessFlag=True


API to get the transaction history (the q= value must be URL-encoded when sent: the spaces in RETURN TO RECEIVING become %20 and the ; separators become %3B):

GET https://oraclecloud.com/fscmRestApi/resources/11.13.18.05/receivingTransactionsHistory?q=ReceiptNumber=RECEIPT_NUMBER;TransactionTypeCode=RECEIVE;PONumber=;POLineNumber=LINE_NUMBER

GET https://oraclecloud.com/fscmRestApi/resources/latest/receivingTransactionsHistory?q=ReceiptNumber=RECEIPT_NUMBER;TransactionTypeCode=DELIVER;PONumber=;POLineNumber=LINE_NUMBER

GET https://oraclecloud.com/fscmRestApi/resources/11.13.18.05/receivingTransactionsHistory?q=ReceiptNumber=122;TransactionTypeCode=RETURN TO RECEIVING;PONumber=111;POLineNumber=1234


POST https://oraclecloud.com/fscmRestApi/resources/latest/receivingReceiptTransactionRequests 

DestinationTypeCode=RECEIVING  --> Correct RTR Transaction
DocumentLineNumber=POLineNumber
DocumentNumber=PONumber
ReceiptSourceCode=VENDOR
SourceDocumentCode=PO
TransactionType=CORRECT
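The calls above are easier to get right when the request is built by code rather than pasted into a client by hand, mainly because of the q= encoding and because the error detail lives in a child resource. The following is an added example, not Oracle code: it builds the RTV POST and the transaction-history GET as urllib Request objects without sending them, and extracts the lines in error from a receipt-request lines response. The host is the placeholder used in this post, the credentials and document numbers are constructed, the `Quantity` attribute and the `LineNumber`/`ErrorMessage` field names in the sample response are assumptions (the post does not list them), and the sample response itself is constructed, not captured from a real instance.

```python
"""Build Oracle Fusion Receiving REST calls offline.  Added example, not Oracle
code.  Resource paths and the payload attributes are the ones listed in the
post; host, credentials, document numbers and the sample response are
constructed, and the Quantity / LineNumber / ErrorMessage names are assumed."""

from __future__ import annotations
import base64
import json
from urllib.parse import urlencode, quote
from urllib.request import Request

BASE = "https://oraclecloud.com/fscmRestApi/resources/latest"   # placeholder host from the post


def _headers(user: str, password: str) -> dict[str, str]:
    """Basic auth, which Fusion accepts; prefer OAuth/JWT in production and keep
    the password out of source control."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Content-Type": "application/json"}


def build_rtv_request(po_number: str, po_line: int, supplier: str, quantity: float,
                      user: str, password: str,
                      transaction_type: str = "RETURN TO VENDOR") -> Request:
    """POST receivingReceiptTransactionRequests for an RTV (or, with
    transaction_type='CORRECT', a correction) against a PO line."""
    payload = {
        "VendorName": supplier,
        "DestinationTypeCode": "RECEIVING",
        "DocumentNumber": po_number,
        "DocumentLineNumber": po_line,
        "ReceiptSourceCode": "VENDOR",
        "SourceDocumentCode": "PO",
        "TransactionType": transaction_type,
        "Quantity": quantity,                 # assumed attribute name
        "InsertAndProcessFlag": True,
    }
    return Request(f"{BASE}/receivingReceiptTransactionRequests",
                   data=json.dumps(payload).encode(), method="POST",
                   headers=_headers(user, password))


def build_history_query(receipt_number: str, transaction_type: str, po_number: str,
                        po_line: int, user: str, password: str) -> Request:
    """GET receivingTransactionsHistory.  Conditions in q= are joined with ';'
    and the whole value is percent-encoded (spaces in RETURN TO RECEIVING)."""
    q = (f"ReceiptNumber={receipt_number};TransactionTypeCode={transaction_type};"
         f"PONumber={po_number};POLineNumber={po_line}")
    url = f"{BASE}/receivingTransactionsHistory?" + urlencode({"q": q}, quote_via=quote)
    return Request(url, method="GET", headers=_headers(user, password))


def failed_lines(lines_response: dict) -> list[tuple[int, str]]:
    """(LineNumber, message) pairs from a receivingReceiptRequests
    .../child/lines response whose ProcessingStatusCode is ERROR."""
    out: list[tuple[int, str]] = []
    for item in lines_response.get("items", []):
        if item.get("ProcessingStatusCode") != "ERROR":
            continue
        for err in item.get("processingErrors", []):
            out.append((item.get("LineNumber"), err.get("ErrorMessage", "")))
    return out


# Constructed sample of the lines response shape (field names assumed).
SAMPLE_LINES = {"items": [
    {"LineNumber": 1, "ProcessingStatusCode": "SUCCESS", "processingErrors": []},
    {"LineNumber": 2, "ProcessingStatusCode": "ERROR",
     "processingErrors": [{"ErrorMessage": "Subinventory does not exist in organization."}]},
]}

if __name__ == "__main__":
    req = build_history_query("122", "RETURN TO RECEIVING", "111", 1234, "user", "secret")
    print(req.full_url)
    print(failed_lines(SAMPLE_LINES))
```

To actually send a request, pass the Request to `urllib.request.urlopen`; a 4xx response on the POST usually means the payload failed validation before a transaction was created, whereas a 201 with lines in ERROR status means the interface row was created but processing failed, which is when `failed_lines` applies.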



Friday, 25 October 2024

ERP - PO Receipts - ASN Receipts / RMA Receipts

 Purchase Order Creation

  • Creation: A Purchase Order is created to authorize the purchase of goods or services from a supplier.
  • Approval: The PO goes through an approval workflow to ensure it meets organizational policies.
  • Dispatch: Once approved, the PO is sent to the supplier.
  • Receipt: When the goods or services are delivered, the receipt is recorded in the system.
  • Matching: The receipt is matched against the PO and the supplier’s invoice to ensure consistency.
  • Payment: After successful matching, payment is processed to the supplier.


Advance Shipment Notices (ASN) Receipts

  • ASN Creation: The supplier sends an ASN to notify the receiving organization of an upcoming shipment. The ASN includes details like shipment date, time, identification number, packing slip data, and item details.
  • Validation: The ASN is validated in the Receiving Open Interface to ensure there are no errors.
  • Receipt Creation: Once validated, the ASN can be used to create receipts in the Receipts window, reducing data entry time.
  • Error Handling: If there are discrepancies or errors, an Application Advice is sent to the supplier to correct the ASN.

ASN Receipts  - PO Receipts

Perform Org and Sub Inventory check:
GET https://oraclecloud.com/fscmRestApi/resources/latest/subinventories?q=[q]
Perform Item Validation
GET https://oraclecloud.com/fscmRestApi/resources/latest/itemsV2?q=[q]
Perform PO Validation
GET https://oraclecloud.com/fscmRestApi/resources/latest/purchaseOrders?q=[q]&expand=lines,lines.schedules
Create PO Receipts
POST https://oraclecloud.com/fscmRestApi/resources/latest/receivingReceiptRequests
ReceiptSourceCode - VENDOR
ShipmentNumber
CustomerPartyNumber
EmployeeName  -- Buyer Name from PO
SourceDocumentCode - PO
AutoTransactCode - RECEIVE
TransactionType - RECEIVE



RMA Creation

  • Initiate RMA: The process starts when a customer requests to return goods. The order manager initiates an RMA based on the original sales order.
  • Create RMA Order: An RMA order is created in Oracle Fusion Order Management.
  • Approve RMA: The RMA order is reviewed and approved.

RMA Receipts

  • Receive Returned Items: The returned items are received at the warehouse.
  • Inspect Items: The items are inspected to ensure they meet return criteria.
  • Create Receipt: A receipt is created in the system to record the returned items.
  • Update Inventory: The inventory is updated to reflect the returned items. 


RMA Receipts - REST Calls

Perform Org and Sub Inventory Validation:
GET https://oraclecloud.com/fscmRestApi/resources/latest/subinventories?q=[q]
Perform Item Validation
GET https://oraclecloud.com/fscmRestApi/resources/latest/itemsV2?q=[q]
Perform RMA Order Validation
GET https://oraclecloud.com/fscmRestApi/resources/latest/salesOrdersForOrderHub?q=OrderNumber=and StatusCode NOT IN ('DOO_REFERENCE','DOO_DRAFT')
RMA_Line_Check
GET https://oraclecloud.com/fscmRestApi/resources/latest/rmaLinesForReceiving?RMA=RMA_ID&limit=[limit]
Get_RMA_Receive_Worker = SaaS Lookup or DVM
Create_RMA_Receipts
POST https://oraclecloud.com/fscmRestApi/resources/latest/receivingReceiptRequests
ReceiptSourceCode - CUSTOMER
ShipmentNumber
CustomerPartyNumber
EmployeeName  -- RMA_Receive_Worker
SourceDocumentCode - RMA
AutoTransactCode - DELIVER
TransactionType - RECEIVE


GET Receipt Errors (lines in error, with the processingErrors child expanded):
https://oraclecloud.com/fscmRestApi/resources/latest/receivingReceiptRequests/{HeaderInterfaceId}/child/lines?q=ProcessingStatusCode='ERROR'&expand=processingErrors

Wednesday, 24 July 2024

VPN - Working Principle

 

A Virtual Private Network (VPN) connection from a laptop to a company’s VPN server involves several steps. Here’s a detailed explanation:

  1. VPN Setup: The first step is to set up the VPN client on the laptop. This involves installing the VPN software provided by the company and configuring it with the necessary details such as the VPN server address, VPN type (e.g., IKEv2/IPsec, OpenVPN, WireGuard; older L2TP/IPsec and PPTP setups still exist, but PPTP is cryptographically broken and should not be used), and authentication details. The exact setup process can vary depending on the specific VPN client used.
  2. VPN Login: Once the VPN client is set up, the user can initiate a VPN connection. This typically involves opening the VPN client, selecting the appropriate VPN profile (if multiple profiles are configured), and entering their login credentials. These credentials are usually a username and password, but they could also include additional factors of authentication, such as a digital certificate or a one-time password (OTP).
  3. VPN Connection: After the user has logged in, the VPN client establishes a secure connection to the company’s VPN server. This process involves several steps:
    • Tunnel Creation: The VPN client and server negotiate a secure tunnel for the VPN connection. This involves agreeing on the encryption protocols and keys to be used for the connection.
    • Authentication: The client authenticates the server (normally by validating the server's certificate against a trusted CA) and the server authenticates the user or device with the credentials from step 2, so both parties know who they are talking to.
    • IP Address Assignment: Once the tunnel is established and both parties are authenticated, the VPN server assigns an IP address to the VPN client. This IP address is used for all communication within the VPN tunnel.
    • Encryption and Decryption: All data sent over the VPN connection is encrypted by the VPN client before being sent through the tunnel. When the data reaches the VPN server, it is decrypted before being sent on to its final destination.
  4. Data Transfer: With the VPN connection established, the user can now send and receive data over the internet as if they were directly connected to the company’s private network. All data sent over the VPN connection is encrypted, ensuring that it remains private and secure.

When an employee of a company uses a VPN to access an Azure Virtual Machine (VM), the traffic generally follows this path:

  • The traffic originates from the employee’s laptop and is encrypted by the VPN client installed on the laptop.
  • This encrypted traffic is then sent over the internet to the company’s VPN server.
  • The VPN server decrypts the traffic and sends it to the Azure VM over the VPN connection between the company and the Azure region.

In terms of IP visibility, the Azure VM will see the IP address of the company’s VPN server, not the employee’s original IP address. This is because the VPN server acts as a gateway between the employee’s laptop and the Azure VM.

It’s important to note that this is a general explanation and the exact details can vary depending on the specific VPN technology and configuration used by your company. For instance, some VPN configurations might involve Network Address Translation (NAT), which could affect the visible IP address. Always refer to your specific VPN and network setup for accurate information.

Tuesday, 16 April 2024

IDCS - Identity Federation with Azure and Google (SAML IDP & Social IDP)

The setup involves Identity Cloud Service (IDCS) acting as the central identity provider, facilitating seamless authentication and authorization processes. Through Identity Federation, IDCS extends its capabilities to integrate with both Azure and Google, utilizing SAML Identity Provider (IDP) for Azure and Social IDP for Google.


With SAML IDP integration, users can securely access resources across platforms by leveraging their existing credentials. This interoperability streamlines authentication workflows, enhancing user experience and ensuring consistent access control.


Moreover, the inclusion of Social IDP, particularly with Google, broadens the authentication options, allowing users to authenticate using their Google accounts. This not only expands the user base but also simplifies login processes, as users can utilize familiar credentials.


Overall, this setup promotes interoperability, security, and user convenience, aligning with modern identity management practices and enabling efficient collaboration across disparate systems and platforms. 


Collect IDCS Meta Data

  • Enable "Access Signing Certificate" option to get the IDCS metadata.   Default Domain Settings ->  Select the Access Signing Certificate
  • Use the following IDCS URL to get the metadata details.
    • https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/fed/v1/metadata
  • Save the XML data as the IDCS metadata file.

Azure
  • Log in to Azure and select Microsoft Entra ID (formerly Azure Active Directory).
  • Select the Enterprise Application on the left menu.
  • Select add new application.
  • Select Oracle as a cloud provider.
  • Select OCI Console Option and SSO logo.
  • Provide a unique name and click create. 
  • This will create an Azure AD Application. 
  •  SSO Setup
    • Select SSO option under the above AD application. 
    • Select SAML as the single sign-on method.
    • Use upload Metadata option to upload the IDCS metadata downloaded above. 
    • Provide the IDCS sign on URL  - https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/ui/v1/myconsole
    • Save the data. 
    • Download the Federation Metadata XML (Azure) from SAML Signing Certificate section. 
    • Under User and Groups menu in the left add user and groups. 
IDCS- Setup IdP - IDCS Console -> Security -> Identity Provider.
  • Select Add SAML IDP.
  • Provide Name - Azure IDP
  • Next and Upload the Azure Metadata downloaded above. 
  • Next, then choose the mapping as required, for example NameID as the user name with NameID format Email Address.
  • Select Next and Test the configuration by selecting Testing Option. 
  • Click Finish and Complete the setup.
  • Activate the IdP.
  • Note:
    • Go to the IDCS user page and mark the user as Federated.
      • This allows the user to sign in with either IDCS or Azure credentials. The NameID sent by Azure (the email address chosen above) must match the IDCS user so the SAML assertion maps to the existing account.
IDCS - Update IDP Policy:
  • Update the IDP policy to add the above created IdP for the authentication. 
  • Select the Default Provider Policy. 
  • Select the Identity Provider Rules tab. 
  • Edit the existing Rule and add the above created IDP. Azure IDP
  • Save all changes and Logout and test the IDCS login. 
  • Use the Azure IDP option on the IDCS login page to login using Azure Credentials. 

Note:  All the above IDCS steps can also be performed using OCI - Console. Under Identity and Security, go to domain,  create a new IDCS domain and under new domain we can perform above activities. 


Google:
  • Login to GCP console. 
  • Select the GCP project.
  • Select the API's and Services under left menu.
  • Select Credentials. 
  • Note: We will be creating an OAuth 2.0 client ID for IDCS.
    • Select the Create Credentials option on the Top
    • Select OAuth Client Id option.  For IDCS app. 
    • Select Type as Web Application. 
    • Add Authorized redirect URL - IDCS -   https://idcs-abcsdefghijkl1f.identity.oraclecloud.com/oauth2/v1/social/callback
    • Select Create. 
    • This generates the client ID and secret.
      • Copy the ID and secret. The secret is a confidential credential: store it only in the IDCS social IdP configuration (or a secrets vault), never commit it to source control, and rotate it if it is ever exposed.
  • IDCS -  Setup IdP - Add Social IDP
    • Select Social IDP Option. 
    • Select Google as Type. 
    • Provide a name - GOOGLE_IDP
    • Select Next
    • Provide the above copied Client Id and Secret. 
    • Select Finish
    • Activate the IdP.
  • Update IDP Policies.
    • Add the above created IdP to the default policy rule. 

 

