Wednesday, November 12, 2008

Restriction on Automatic User Provisioning

Introduction


I have explained about the different methods of user provisioning in the previous article here. If one were to go with 'Unconditional Provisioning' (automatic provisioning) of new users from OID to FND_USER table, then one has to consider an important restriction on how such users be placed in the Directory Information Tree in OID.




New User entries that are created in OID and have to be automatically provisioned (created) in FND_USER table must be either placed in the default USERS container or any container that is a sub-tree of the USERS container. If the user entries are in a sub-tree that is at the same level as the default USERS container, then such entries will not be automatically created in FND_USER table even if the 'Applications SSO Enable OID Identity Add Event' system profile option is ENABLED.




Conclusion


This restriction should go away in future releases of Oracle Identity Management, but as of now, the latest 10.1.4.2 does have it. One can load all users in OID in the default USERs container, however for better management and administration purposes, it is always recommended to create normal users in a sub-tree container.

5 comments:

Adhithi said...

Excellent work..
We have an issue here.
The user is getting created in OID but is not getting reflected in Ebiz.
I saw about the automatic provisioning.
Could you please tell where the automatic provisioning should be enabled?

Srinivas Ramineni said...

Adithi

Do you have access to OID server ?

Is your DIT (Directory Information Tree) in OID organized in a similar fashion as I illustrated above ? What is your version if OID ? (Identity Management 10.1.4.x) ? or 11g ?

Launch oidadmin in OID server (GUI) and verify the way users are created in the DIT. They should be created in a similar fashion as described above (similar tree structure as I showed) and then the user will be provisioned in Oracle E-Business Suite.

Make sure your 'Applications SSO Enable OID Identity Add Event' profile is enabled on the EBS

-Srinivas

Irina said...

Hello Srinivas,

Same issue - after integrating OID 11g -> EBS 12.1.2 the users i create in OID do not appear in EBS. I created a user in cn=Users, dc=app,dc=mycompany,dc=ro and the problem still persists. The profile "Applications SSO Enable OID Identity Add Event" is enabled.

Any ideas?

kosala said...

Hi

my requirement is to get the GUID and CN (real name) from the OID database itself. can you please let us know whats the table this is resides.

we have ebz 12.1.3 with OID 10.1.3.4

Srinivas Ramineni said...

Kosala
Did you check the list of tables of the OID database ? OID does have this information.
-Srini

Related Posts Plugin for WordPress, Blogger...