- Oracle Identity Management 10.1.4.2 and Oracle Applications E-Business Suite 126.96.36.199
- Uni-directional synchronization from Active Directory to Oracle Internet Directory
- Uni-directional provisioning from Oracle Internet Directory to the E-Business Suite
- Account Creation in E-Business Suite is self-service and automatic.
- Lets any user in the enterprise have an Oracle account. Anyone who has the login webpage address can get an account created in 11i.
ldifwrite on OID and LDAPUserImport on 11i
- Use the ldifwrite command on the OID server to create a dump file containing the user's LDAP attributes and other information.
- Copy the LDIF file to one of the 11i middle-tiers.
- Run the LDAPUserImport Java command to import the user into the FND_USER table.
- Control over user creation. Only genuine and approved users will be allowed to have an account in Oracle.
- Manual process. However, it can be automated as well.
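The approval control this method relies on can be enforced between the ldifwrite dump and the LDAPUserImport run. The Python filter below is an added example, not part of the original page or of any Oracle tooling: it keeps only entries whose nickname is on an approved list and reports everything it holds back. It assumes standard LDIF and that the nickname attribute is `uid`; the function names and the sample entries are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Return [(raw_block, attrs)] for every LDIF record that has a dn."""
    records = []
    for block in text.replace("\r\n", "\n").split("\n\n"):
        lines = []
        for line in block.split("\n"):
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]          # unfold a continuation line
            elif line and not line.startswith("#"):
                lines.append(line)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            records.append((block.strip("\n"), attrs))
    return records

def filter_approved(text, approved, nickname_attr="uid"):
    """Split a dump into (ldif_to_import, kept_names, rejected_names)."""
    allowed = {name.lower() for name in approved}
    kept, rejected = [], []
    for raw, attrs in parse_ldif(text):
        nick = attrs.get(nickname_attr, [""])[0]
        if nick.lower() in allowed:            # user names compared case-insensitively
            kept.append((nick, raw))
        else:
            # Containers and other entries without a nickname are reported by DN.
            rejected.append(nick or attrs["dn"][0])
    ldif = "\n\n".join(raw for _, raw in kept) + "\n"
    return ldif, [nick for nick, _ in kept], rejected

# Constructed sample dump; every DN and value here is made up.
SAMPLE = """\
dn: cn=Users,dc=exam
 ple,dc=com

dn: cn=jsmith,cn=Users,dc=example,dc=com
uid: JSMITH

dn: cn=tempuser,cn=Users,dc=example,dc=com
uid:: dGVtcHVzZXI=

dn: cn=akhan,cn=Users,dc=example,dc=com
uid: akhan
"""
```

Calling `filter_approved(SAMPLE, ["jsmith", "akhan"])` returns the reduced LDIF to copy to the middle tier, plus the kept and held-back names for the approval record.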
provsubtool on OID and Workflow Subscription Event on 11i
- Run the provsubtool command in OID to add new users to an account subscription list.
- On the 11i side, a workflow subscription event, oracle.apps.fnd.subscription.add, will be triggered at an appropriate time to add the users in the list to the FND_USER table in 11i.
Security => User => Define form in 11i
- Verify the user exists in OID using an ldapsearch command or by using the oidadmin tool.
- Disable the 'Applications SSO LDAP Synchronization' profile option.
- Create the user using the Security => User => Define form.
When the 'Applications SSO Enable OID Identity Add Event' system profile is enabled, the provisioning profile adds to E-Business Suite every user account that is synchronized from MS Active Directory to OID. Exercise caution before enabling this system profile, because not every employee or consultant in an organization will need an Oracle account, and enabling it can lead to a proliferation of users in the FND_USER table.
Think carefully before enabling Unconditional Provisioning or On-Demand user creation as described above. Use one of the other three options for maximum control over user provisioning.