This post covers Oracle E-Business Suite (EBS or Apps) integration with Oracle Identity Manager (OIM) for User Provisioning and Reconciliation. OIM is Identity Management and Identity Provisioning/Reconciliation software from Oracle. OIM 11g Architecture & Administration is also covered in my book Oracle Identity and Access Manager for Administrators.
Here are key things you should know if you are planning to use OIM to provision accounts to EBS or reconcile users from EBS to OIM.
1. There are mainly three type of users in Oracle E-Business Suite
a) EBS Accounts – is an entry in FND_USER that represents an Oracle E-Business Suite Account. To login to E-Business Suite user must have record in FND_USER
b) HRMS / PERSON Record – Some applications in EBS (like iExpense) require user to have HRMS (Person) record. PERSON record can be of different type like Employee, Part-time worker, Contractor, etc. Person records are stored in table PER_ALL_PEOPLE_F
c) Customer/Vendor Record – Some applications in EBS (like iStore or iProcurement) require user to have TCA record (Trading Community Architecture) that are representative or employees of customers and vendors . TCA record is in stored in table HZ_PARTIES
2. OIM uses pre-built connectors to provision accounts or reconcile users with LDAP Servers, Databases, Operating Systems and Business Applications including Oracle E-Business Suite.
3. There are two type of OIM connector for EBS
a) Oracle e-Business Employee Reconciliation (ER) – In this integration Oracle E-Business Suite HRMS acts as an authoritative source (aka trusted source) for OIM. In this configuration (trusted source) of connector, person records are created and modified only on EBS HRMS. Information about these users is then reconciled in to OIM. This connector has a Reconciliation Process.
Note: You can NOT use EBS ER connector to provision accounts from OIM to EBS (FND_USER), if you need to provision accounts in EBS (FND_USER) from OIM then you should use EBS User Management (UM) connector.
b) Oracle e-Business User Management (UM) – In this integration Oracle E-Business Suite acts as managed resource (target resource) for OIM. Users in OIM can be provisioned to EBS. Using this connector, users created or modified directly on Oracle E-Business Suite can also be reconciled in to OIM. There are two processes in this connector Reconciliation Process and Provisioning Process.
4. There are three versions of EBS-UM Connector
a) User Management (FND_USER)
b) User Management with HR Foundation (FND_USER & HRMS/PER)
c) User Management with TCA Foundation (FND_USER & TCA/HZ_PARTIES)
5. EBS-UM connector can be configured in any one or combination of
a) User Management : Use this to create FND_USER record (in EBS) for OIM User and to grant roles and responsibilities to this EBS Record (FND_USER).
b) User Management with HR Foundation : Use this connector to create FND_USER record in EBS (same as User Management) but you can also create basic HRMS user in EBS and link record in HRMS with record in FND_USER (EMPLOYEE_ID column in FND_USER table is linked with PERSON_ID column of PER_ALL_PEOPLE_F table). Use this version of connector if you wish to create record in FND_USER (of EBS) and HRMS (of EBS) from OIM.
c) User Management with TCA Foundation : Use this connector to create FND_USER record in EBS (same as User Management) but you can also create basic TCA person-type party record in EBS and link it with record in FND_USER (PERSON_PARTY_ID column in FND_USER table is linked with PARTY_ID column of HZ_PARTIES table). Use this version of connector if you wish to create record in FND_USER (of EBS) and TCA (of EBS) from OIM.
a) EBS User Management Connector installation & configuration document is available here
b) EBS Employee Reconciliation Connector installation & configuration document is available here
7. It is recommended NOT to configure Oracle e-Business Employee Reconciliation and Oracle e-Business User Management with HRMS (HRF or HR Foundation) both at same time.
To know more about OIM connector for Oracle E-Business Suite , leave comment below !
Related Posts for Identity Manager
- Oracle Identity Manager (User Provisioning – Thor)
- Installing Oracle Identity Manager (Thor Xellerate)
- Oracle Identity Manager 9.1 released
- Oracle Identity Manager (Thor Xellerate) Architecture
- Resource, Reconciliation, Provisioning and Connector in Oracle Identity Manager #OIM
- Oracle Identity Manager (OIM) Connector for Oracle Internet Directory (OID) : Architecture and Overview
- Step by Step Installation of OIM Design Console 9.1.0
- Error while running PurgeCache in OIM 11g : LoginException unable to find LoginModule class : WebLogic Full Clinet
- Integrate OIM 11g with OID using connector for Provisioning / Reconcilliation – Installation
- PurgeCache in OIM 11g : CategoryName
- OIM LDAP Sync : Overview and Key Points
- OIM 11g : How to export/import/delete Files from MDS
- Where are OAM details stored in OIM (account unlock, password reset)
- libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)
- Error Starting OIM Design Console (xlclient.sh) on Linux java.lang. NoClassDefFoundError
- OIM 11g Challenge Questions (PCQ) for forgot password
- Oracle EBS Integration with OIM (Identity Manager) : Things you should know
- Users not synced from OID to OIM : Debug Scheduled Job
- OIM Connector for Microsoft : AD, Exchange, Windows, Password Management
- Connector Server for OIM connectors : .NET or JAVA
- OIM 11g Challenge Questions – Everything you must know
- OIM 11g How to add Challenge Questions
- OIM : Assign AD resource : An error occurred because the Adapters are not compiled : How to compile adapters in OIM
- OIM User Creation : An Error occurred while performing create user operation. Unable to get LDAP connection
- OIM – AD integration : Active Directory Group Lookup Recon failed with error Remote Framework Key is invalid
- Microsoft Active Directory (AD) to Oracle Identity Manager (OIM) Password Synchronization: Things you must know : Part I
- Provision resource “Microsoft Exchange” to user in OIM : Status remains in Provisioning : Part I
- Target Resource (or Managed Resource) vs Trusted Source (or Authoritative Source) Mode : OIM integration with applications (AD, OID, OVD, EBS, SAP, HR, LDAP)
- 500 Internal server accessing OIM application : com.bea. security.MicroSM. getInstance oracle.iam. platform. authz.impl
- Your account is locked. You can unlock your account by going to Forgot Password
- OIM 11g : How to find User and Manager details : USR table
- OIM 11g : User Detail/Attribute (Description) not visible in OIM User screen : EBS / OID / OIM integration
- OIM 11g: The add proxy operation for user XXXXX failed with following error oracle. bpel. services. workflow. client. workflowservieclientException javax.xml.ws.WebServiceException could not determine wsdl ports
- Oracle Identity Manager BP07 for 11gR1 PS1 184.108.40.206.7 (16097399) is now available – (Part of Identity Management SUite BP03 16209876)
- OIM 11g : SQL to List User’s Manager
- OIM integrated with OAM (SSO) showing OIM login screen : User Soft Locked
- OIM 11g: Beware if you are applying WebLogic patch !
- Help Me : Microsoft Active Directory Password Sync version and latest patch for Oracle Identity Manager 220.127.116.11
- Upgrade OIM connector for Microsoft Exchange to 18.104.22.168 Part I