fusion hcm security specialist lesson 2 v1.0

For Oracle employees and authorized partners only. Do not distribute to third parties. © 2013 Oracle Corporation – Proprietary and Confidential

Upload: navin-kumar

Post on 26-Sep-2015


DESCRIPTION

HCM Security Presentation2

TRANSCRIPT

Slide 1*
Hello and welcome to Fusion HCM Security Specialist Lesson 2.
The topic covered in this lesson is User and Role Provisioning.
Instructor notes:
NA
*
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.
The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Safe Harbor Statement
Narration:
On the screen is Oracle’s Safe Harbor Statement, please take a moment to review.
Instructor notes:
NA
*
Use of this Site (“Site”) or Materials constitutes agreement with the following terms and conditions:
1. Oracle Corporation (“Oracle”) is pleased to allow its business partner (“Partner”) to download and copy the information, documents, and the online training courses (collectively, “Materials") found on this Site. The use of the Materials is restricted to the non-commercial, internal training of the Partner’s employees only. The Materials may not be used for training, promotion, or sales to customers or other partners or third parties.
2. All the Materials are trademarks of Oracle and are proprietary information of Oracle. Partner or other third party at no time has any right to resell, redistribute or create derivative works from the Materials.
3. Oracle disclaims any warranties or representations as to the accuracy or completeness of any Materials.  Materials are provided "as is" without warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement.
4. Under no circumstances shall Oracle or the Oracle Authorized Delivery Partner be liable for any loss, damage, liability or expense incurred or suffered which is claimed to have resulted from use of this Site of Materials. As a condition of use of the Materials, Partner agrees to indemnify Oracle from and against any and all actions, claims, losses, damages, liabilities and expenses (including reasonable attorneys' fees) arising out of Partner’s use of the Materials.
5. Reference materials including but not limited to those identified in the Boot Camp manifest can not be redistributed in any format without Oracle written consent.
Oracle Training Materials – Usage Agreement
Narration:
On the screen is Oracle’s Usage Agreement, please take a moment to review.
Instructor notes:
NA
*
Narration:
User account provisioning
Instructor Notes:
The agenda items are the section titles
*
Learning Objectives
At the end of this lesson you should be able to:
Explain user account provisioning
Narration:
At the end of this lesson you should be able to:
Explain user account provisioning
Instructor Notes:
Development note: The objectives come from the Standard Structure Design document
fy11 app grid awareness trainingfinal.ppt
*
*
User Account Creation and Maintenance Scenarios
User Account Creation
User Account Maintenance
Each section relates to the Agenda items.
You can teach more than one objective in the section. All content in the section must relate to the objectives.
*
The customer plans to create new users within Oracle Fusion HCM on an ongoing basis.
The customer maintains a set of users in an on-premise LDAP that connects to multiple applications using Single Sign-On (SSO).
The customer, typically a very large company, has its own user account and role-provisioning system.
User Account Creation and Maintenance Scenarios
User Account Provisioning
Narration:
A customer's approach to account creation and maintenance for Oracle Fusion HCM users depends on their existing user base, whether or not their users are shared among multiple applications, and whether they plan to use Oracle Fusion HCM to handle their ongoing user account management needs. There are several possible scenarios, such as:
The customer plans to create new users within Oracle Fusion HCM on an ongoing basis. In this scenario, Oracle Fusion HCM operates as a standalone system, and HCM users are not shared with other applications in the enterprise.
The customer maintains a set of users in an on-premise LDAP that connects to multiple applications using Single Sign-On (SSO).
The customer, typically a very large company, has its own user account and role-provisioning system.
This lesson focuses on the first of the three scenarios: User Account Provisioning.
Instructor note:
*
*
Automatically provisioned using Oracle
to create implementation users
User Account Creation
Narration:
User Account provisioning can be broadly categorized into User Account Creation & User Account Maintenance.
In User Account creation
You can configure Oracle Fusion HCM to create user accounts automatically when workers are hired using the New Hire flow. 
You can also create user accounts using the Manage Users task. This is a quicker way of getting employees into the system than using the New Hire flow.
Note: Once an implementation is complete, HCM users do not typically use the Manage Users task; they use the New Hire flows, which are more functionally rich.
During initial implementation, user accounts are typically migrated to Oracle Fusion Applications using batch processes. Once you have implemented Oracle Fusion Applications, user accounts can be automatically provisioned using Oracle Fusion HCM tasks. 
Use the Create Implementation Users task to create implementation users. Users created with this task are not mapped to an HR Person Type, such as Employee or Contingent Worker. However, you can map an implementation user to an employee later.
Instructor note:
NA
*
User passwords can be reset from within HR UIs.
(Manage Job Roles & Manage User Account task)
Line managers and HR specialists can request
user accounts for workers that do not yet have one
Using the Manage Users task and
Manage User Account task
In User Account Maintenance
User accounts can be maintained using the Manage Users task in the Setup and Maintenance work area and the Manage User Account task in the Person Management work area.
User accounts can be automatically revoked when workers are terminated (based on account provisioning rules).
User passwords can be reset using the Manage Job Roles task in the Setup and Maintenance work area and the Manage User Account task in the Person Management work area.
Line managers and HR specialists can request user accounts for workers that do not yet have one.
Instructor note:
NA
*
Narration:
This is the Manage User Account page, accessed through Person Management by an HR Specialist.
You have the option to Copy Personal Data to LDAP. User accounts are automatically created and maintained in an LDAP directory by Oracle Identity Management (OIM). OIM holds some personal information about users, such as name, work phone number, and work location address. When you create or update personal information in HCM, it is copied automatically to OIM to ensure that Oracle Fusion HCM and OIM hold the same information about a user. If you make a change to a person's information that you want to send immediately to OIM, you can copy personal data to LDAP. This action is optional.
With Autoprovision Roles, when you autoprovision roles to a user, the user's assignments are reviewed automatically against all current role mappings. If the user is eligible for a role but does not have it, it is immediately provisioned. If the user is no longer eligible for a role but still has it, it is immediately de-provisioned.
Role eligibility is part of the Role Provisioning features and will be discussed in the next section.
Instructor note:
*
*
In this section we will cover the following objectives:
Role-Provisioning: Overview
*
Hire an Employee
Users can self-request new roles
Line managers and HR specialists can request new roles and revoke existing roles from people they manage/administer
Narration:
Role provisioning is built into Oracle Fusion HR flows. You can initiate the provisioning and revoking of roles from within the following flows:
Hire an Employee
Promote Worker
Transfer Worker
We will show how role provisioning is integrated into the Hire an Employee flow in the last section of this lesson.
Users can self-request new roles if role mapping rules have been defined and the user meets the specified criteria.
 
Note: By default, users have no access to functions and data. To enable users to access functions and data, you must provision roles to them.
Instructor note:
NA
*
Define Role-Provisioning Rules
Role-provisioning rules determine the roles that a user should have based on their HR assignments.
Role-provisioning rules define an association between a set of conditions (typically assignment attribute values) and one or more job, abstract, and data roles.
Narration:
 
NA
*
Narration:
In this page you can define role provisioning rules. Use the Manage HCM Role Provisioning Rules task in the Setup and Maintenance work area to create and manage role-provisioning rules.
In this example, any employee who works for Vision Corporation, and is assigned the job of HR010.HR Specialist will automatically be given the Human Resource Specialist – Vision Operations data role.
If the user subsequently transfers to a different job, they will automatically lose this role.
Consider these Key Points:
Use the Conditions area to define the conditions that must be met for the mapping to apply.
Use the Associated Roles section to add one or more existing roles to the mapping rule.
Use the checkboxes (described in detail in the next slide) to determine whether a given role can be assigned automatically, manually, or by user request. Note that the Auto Provision option is selected by default; you must deselect it if you do not want the role to be automatically provisioned.
Instructor note:
NA
*
Narration:
When defining role-provisioning rules on the Create Role Mapping page, you have several provisioning options:
Auto Provision: Provisions roles automatically to all eligible users when at least one of their assignments is either created or updated and satisfies the role-mapping conditions.
An automatically provisioned role is de-provisioned automatically when the user’s assignments cease to satisfy the role-mapping conditions.
Requestable: Enables users, such as line managers and human resource specialists, to provision roles manually to other users. Users retain roles that are provisioned to them manually until either all their work relationships are terminated or the roles are de-provisioned manually.
Note: The criteria defined in the Conditions section must be satisfied by the user who is provisioning the role to other users, not by the users who are receiving the role.
Self-Requestable: Enables users to request roles for themselves. Users retain roles that they request for themselves manually until either all their work relationships are terminated or the roles are de-provisioned manually.
Apply Auto Provisioning: Provisions roles to users immediately, rather than waiting until the role is provisioned automatically or requested manually.
When you click this button, all assignments and role mappings in the enterprise are reviewed and any necessary provisioning and de-provisioning of roles occurs immediately. You can also perform auto provisioning from an individual user's account, in which case only that user’s assignments are reviewed and any necessary provisioning and de-provisioning of roles for that user occur immediately.
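The provisioning options above, modelled as an added Python example (not Oracle's code or API): it reconciles automatic roles against a user's assignments and enforces that a Requestable role is checked against the requester's assignments. The attribute keys `legal_employer` and `job`, the class and function names, and the pairing of a Benefits Analyst role with this mapping are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AssociatedRole:
    name: str
    autoprovision: bool = True      # selected by default, per the slide
    requestable: bool = False
    self_requestable: bool = False

@dataclass
class RoleMapping:
    conditions: dict                # hypothetical attribute keys -> required values
    roles: list

    def matches(self, assignments):
        # One assignment satisfying every condition is enough.
        return any(all(a.get(k) == v for k, v in self.conditions.items())
                   for a in assignments)

@dataclass
class User:
    name: str
    assignments: list               # empty list = all work relationships terminated (assumption)
    auto_roles: set = field(default_factory=set)
    manual_roles: set = field(default_factory=set)

def autoprovision(user, mappings):
    """Reconcile one user's roles; return (provisioned, deprovisioned)."""
    eligible = {r.name for m in mappings if m.matches(user.assignments)
                for r in m.roles if r.autoprovision}
    added, removed = eligible - user.auto_roles, user.auto_roles - eligible
    user.auto_roles = eligible
    if not user.assignments:        # manual roles end only with the last work relationship
        removed |= user.manual_roles
        user.manual_roles = set()
    return added, removed

def request_role(requester, recipient, role_name, mappings):
    """Manual grant: the requester, not the recipient, must meet the conditions."""
    self_request = requester is recipient
    for m in mappings:
        for r in m.roles:
            allowed = r.self_requestable if self_request else r.requestable
            if r.name == role_name and allowed and m.matches(requester.assignments):
                recipient.manual_roles.add(role_name)
                return True
    return False

# Constructed sample data based on the slide's example mapping.
HR_ROLE = "Human Resource Specialist - Vision Operations"
HR_JOB = {"legal_employer": "Vision Corporation", "job": "HR010.HR Specialist"}
MAPPING = RoleMapping(HR_JOB, [
    AssociatedRole(HR_ROLE),
    AssociatedRole("Benefits Analyst", autoprovision=False, requestable=True),
])
```

Because manually granted roles survive a job transfer in this model, just as the narration describes, they are the entries worth reviewing periodically for access that has outlived its purpose.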
Instructor note:
NA
*
Predefined Role-Provisioning Rules
*
Automatically provisions the Line Manager role
Defines all predefined View All data roles as Requestable (manually provisioned)
Automatically provisions the Employee role
Automatically provisions the Contingent Worker role
Employee
The following role-provisioning rules are predefined for HCM Cloud environments:
Employee: Automatically provisions the Employee role
Contingent Worker: Automatically provisions the Contingent Worker role
Line Manager: Automatically provisions the Line Manager role
Requestable Roles: Defines all predefined View All data roles as Requestable (manually provisioned)
Instructor note:
NA
*
Narration:
Section 4 of this presentation explains integration with new hire flow.
In this section we will cover the following objectives:
Integration with New Hire Flow
Self-service role request
Role-Provisioning Best Practices
*
Narration:
 
To meet the conditions defined in the role mapping example on the Defining Role Provisioning Rules page, an employee would need to work for InFusion Corp USA1 and be assigned the job of HR010.HR Specialist. You specify the employee's legal employer on the Identification page of the Hire an Employee flow, as shown in this figure:
Manager Resources > New Person > Hire an Employee >  Identification page
Instructor note:
NA
*
Narration:
You specify the employee's job on the Employment Information page of the Hire an Employee flow, as shown in this figure:
Manager Resources > New Person > Hire an Employee >  Identification page > Person Information page > Employment Information page
Instructor note:
NA
*
Narration:
The Roles page of the flow shows the roles that will be automatically provisioned to the employee based on the selected job, along with the Employee abstract role:
Manager Resources > New Person > Hire an Employee > Identification page > Person Information page > Employment Information page > Roles page
Instructor note:
NA
*
Narration:
Here we show how Amy Wong can manage her user account information in LDAP, from within the Person Gallery. Select the Manage User Account action from the Actions menu.
Instructor note:
NA
*
Auto Provision Roles
Narration:
On this page she can request additional roles for herself by clicking the Add Role button.
Roles are marked as self-requestable on the Manage Role Mappings page, which was explained earlier.
From this page, Amy can click the Copy personal data to LDAP action, which opens a new window. This window is shown in the next slide.
Instructor note:
NA
*
*
Narration:
On this page, Amy can check to see whether her user account data is up to date in LDAP. If it is not up to date she can initiate an HR-LDAP synchronization request for her user account. Identity data is pushed from HR to LDAP.
Identity data for HR people is periodically synchronized to LDAP using an ESS process called SEND PENDING LDAP REQUESTS.
Instructor note:
NA
*
Role-Provisioning Best Practices
Determine the roles that all workers of a particular type must have, and create role mappings to provision those roles automatically
Determine the roles that all line managers must have, and create role mappings to provision those roles automatically
Determine the roles that only some workers of a particular type will need, and autoprovision the roles if possible
Narration:
During implementation, consider the following approaches to role provisioning:
Determine the roles that all workers of a particular type must have, and create role mappings to provision those roles automatically.
For example, to ensure that all employees have the employee role, create a role mapping to autoprovision the role to eligible users.
Determine the roles that all line managers must have, and create role mappings to provision those roles automatically.
For example, if all line managers must have both the line manager role and a locally defined Expenses Manager role, then create a role mapping to autoprovision both of those roles to eligible users.
Note: Automatic role-provisioning rules for employee and line manager roles are predefined for Cloud HCM customers.
Determine the roles that only some workers of a particular type will need, and autoprovision the roles if possible.
For example, some human resource specialists may also need the benefits analyst role. If you can autoprovision those roles based on specific conditions, then create role mappings to provision those roles automatically. Otherwise, decide whether workers can request those roles for themselves or whether they must be provisioned by other users, such as line managers, and create the appropriate role mappings.
Instructor note:
NA
*
Remember that:
Automatic role provisioning is a time-saver and recommended for standard roles, such as abstract roles. It is highly efficient for mass role provisioning.
A single role mapping definition can be used to manage multiple roles and a mix of provisioning strategies, provided that the role mapping conditions are the same in all cases
Narration:
Remember that:
Automatic role provisioning is a time-saver and recommended for standard roles, such as abstract roles. It is highly efficient for mass role provisioning.
A single role mapping definition can be used to manage multiple roles and a mix of provisioning strategies, provided that the role mapping conditions are the same in all cases
Instructor note:
NA
*
Describing role-provisioning rules and its best practices
Usage of predefined role-provisioning rules
Integration of role provisioning into new hire flow
Narration:
Describing role-provisioning rules and its best practices
Usage of predefined role-provisioning rules
Integration of role provisioning into new hire flow
Instructor notes:
*
*
Let's do a review of the module.
*
User accounts can be automatically provisioned using Oracle Fusion HCM tasks
User accounts can be automatically revoked within the Termination flow
Users can self-request new roles
Line managers and HR specialists can request new roles and revoke existing roles from people they manage/administer
Key Points
Narration:
Now that we have completed this lesson, let’s take a look at the key points. Please take a moment to review.
User accounts can be automatically provisioned using Oracle Fusion HCM tasks
User accounts can be automatically revoked within the Termination flow
Users can self-request new roles
Line managers and HR specialists can request new roles and revoke existing roles from people they manage/administer
Instructor notes:
*
*
And that brings us to the end of Fusion HCM Security Specialist Lesson 2.
*