Saturday, 2 January 2021

Oracle Fusion - User Creation or Migration and Role Provisioning

Oracle Fusion Users can be originated in Fusion Application where in users are created in Fusion (Security Console) or can be provisioned from identity providers like IDCS to Fusion Application. 

In case users are originating at IDCS and then provisioned or synced with Fusion Application then it is required  to setup SSO application in IDCS and enable User Sync from IDCS to FA. 

It is required to configure Auto Role Provisioning to all the users and assign Employee role or Contingent worker role to User.  It will assign a default role to user when an User account is created in Fusion. 

In case users are not assigned with any role and by chance if you run a seeded job - "Send Pending LDAP Request"  or if it gets kicked off due to some other sync job like Role Assignment then it will remove the users which are not assigned with any roles.  

"Send Pending LDAP Request" job will perform following tasks. 

  • Create , Suspend and Reactivate User Accounts. 
  • User create will be triggered when Person record is created for a Worker. 
  • User will be suspended when roles are removed from a User. 
  • User will be Reactivated when a User will be rehired. 

Note: These jobs will triggered when automatic user creation and management is enabled in Fusion. 

It is not required to run this Job if the user is created manually or synced from IDCS.  It is required only if we need to create user automatically using Employee records. 

Enable Auto Creation and Management :  FA > Setup and Maintenance > Manager Enterprise HCM Information > Edit and Set > User Account Creation as - Both Person and Party User. 

Automatic Role Provisioning >  FA > Setup and Maintenance > Manager Enterprise HCM Information > Edit and Set > User Account Role Provisioning as - Both Person and Party User. 

Provision Roles to  Users Automatically. 
  • Login into FA
  • Setup and Maintenance
  • Tasks
  • Search > Manage Role Provisioning Rules / Manager Role Mapping
  • + Create
  • Give a Mapping Name - Employee Prov
  • Update Following Fields.  This will assign the roles to Active Employee
    • System Person Type =  Employee
    • HR Assignment Status = Active.
  • Under Associated role
    • + Add Row
    • Role Name >  Search for a Role - Employee Role
    • Add
    • Select Auto Provision Option. 
    • Save and Close. 
  • Follow Above Steps for Contingent Worker.
    • Add Mapping Name - Contingent Work
      • System Person Type = Contingent Worker
      • HR Assignment Status = Active
    • Add Role 
    • Select Contingent Worker Role
    • Select Auto Provision Option. 
    • Save and Close. 

When you schedule "Send Pending LDAP Request" it will perform Auto Role Provisioning. 

1 comment: