- Create an IDCS client application with User Admin roles.
  - Log in to IDCS.
  - Go to Applications.
  - Create a Confidential Application.
  - Provide the name: Fusion IDCS Application.
  - On the next page, select "Configure this application as a client now".
  - Allowed Grant Type: select Client Credentials.
  - Client Type: Confidential.
  - Under Grants, select the User Administrator role.
  - Select Next and Finish.
  - Save.
  - Activate.
  - Note down the client ID and secret.
- Log in to the Fusion Application as the Admin user.
  - Go to Setup and Maintenance.
  - Select Tasks.
  - Select Manage Setup Content.
  - Under Topology Definition, select Manage Integration of Additional Applications.
  - Select Create ( + ). The Create Application Integration page opens.
  - Application Name: IDCS_REST_APP
  - Full URL: https://<IDCS-HOST-NAME>/admin/v1
  - Partner Name: IDCS
  - Security Policy: select oracle/wss_username_token_over_ssl_client_policy
  - User Name: enter the client ID.
  - Password: enter the client secret. Use the client ID and secret of the IDCS application created above.
  - Apply.
  - Save and Close.
- Create Task Lists and Tasks:
  - Go to Setup and Maintenance.
  - Select Tasks.
  - Select Manage Setup Content.
  - Under Functional Definition, select Manage Task Lists and Tasks.
  - Select Create Task.
  - Provide the details listed in the table that follows these steps. You must use the same values; they are seeded values.
  - Click Save, but don't close yet.
  - To save the Oracle Identity Cloud Service access credentials in the Oracle Fusion Applications Cloud Service credential store, click Test Go to Task.
  - In the Fusion Applications IDCS Sync App Credentials dialog:
    - Enter the Oracle Identity Cloud Service Admin console URL in the URL field.
    - Enter the client ID of the Oracle Identity Cloud Service application as the user name.
    - Enter the secret key of the Oracle Identity Cloud Service application as the password.

| Field Name | Field Value |
| --- | --- |
| Name | Fusion Applications IDCS Sync App Credentials |
| Code | FUSION_APPLICATIONS_IDCS_SYNC_APP_CREDENTIALS |
| Description | Fusion Applications IDCS Sync App Credentials |
| Deployment Method | None |
| Program Name | /WEB-INF/oracle/apps/setup/commonSetup/setupHub/publicUi/flow/EndpointPolicyFlow.xml#EndpointPolicyFlow |
| Perform Task | After Import |
| Enterprise Application | Setup |
| Module | Setup |
| Parameters | endpointKey=FA_USER_SYNC_IDCS_CLIENT_ID&filterSecurityPolicies=oracle/wss_username_token_over_ssl_client_policy |
| Task Type | Data Entry |
| Uses user interface | Selected |
| Open In | Standard view |

- Go to Setup and Maintenance and search for the task Manage Administrator Profile Values.
- Edit the following profile options at Site level:
  - FND_USER_MIGRATION_FETCH_BATCH_SIZE = 1000
  - FND_USER_MIGRATION_MAX_RETRY_ATTEMPTS = 2
  - FND_ROLE_SYNC_MAX_SELECTED_ROLES_SIZE = 1000
  - FND_USER_IDENTITY_SYNC_TARGET = IDCS
  - FND_SYNC_JOB_TYPE = USER/ROLE/ALL
    - USER: sync only users.
    - ROLE: sync only roles.
    - ALL: sync both users and roles.
  - FND_USER_MIGRATION_FA_FEDERATION = True (the default value is True)
- Execute the scheduled process "User identity synchronization from this SaaS instance to the PaaS Identity Store".
  - Schedule this job to run every day.
- From the Setup and Maintenance panel of your service, search for the task Migrate Enterprise Roles and Assignments to PaaS Identity.
  - Add all the roles to be synchronized in this table.
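
One way to confirm that the client ID and secret noted in the first step work, and that the User Administrator grant lets the client read users under the same `/admin/v1` base URL, before storing them in Fusion. This is an added example, not part of the original procedure; the token path `/oauth2/v1/token`, the `urn:opc:idm:__myscopes__` scope, the `Users?count=1` probe and the environment variable names are assumptions not stated on this page.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

SCOPE = "urn:opc:idm:__myscopes__"  # assumed: asks for every scope granted to the client


def build_token_request(host, client_id, client_secret):
    """Client Credentials grant, client authenticated with HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": SCOPE})
    return urllib.request.Request(
        f"https://{host}/oauth2/v1/token", data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw):
    """Return the bearer token; raise ValueError on an error or malformed reply."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError(f"token request rejected: {doc['error']}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer access token")
    return doc["access_token"]


def build_users_probe(host, token):
    """GET one user record; succeeds only if the client may read users."""
    return urllib.request.Request(f"https://{host}/admin/v1/Users?count=1",
                                  headers={"Authorization": f"Bearer {token}"})


def check_client(host, client_id, client_secret):
    """Run both calls against a live tenant; HTTP 401/403 raises HTTPError."""
    with urllib.request.urlopen(build_token_request(host, client_id, client_secret)) as r:
        token = parse_token_response(r.read())
    with urllib.request.urlopen(build_users_probe(host, token)) as r:
        return json.load(r).get("totalResults")


if __name__ == "__main__":
    # Read the secret from the environment so it stays out of shell history and argv.
    print("users visible:", check_client(os.environ["IDCS_HOST"],
                                         os.environ["IDCS_CLIENT_ID"],
                                         os.environ["IDCS_CLIENT_SECRET"]))
```

An `HTTPError` 401 on the first call points at a wrong ID or secret or an application that was not activated; a 403 on the second points at a missing User Administrator grant.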