Setting Up Implementation Users and SFTP for Releases 7 and 8

Upload: engkhalidseif

Post on 02-Jun-2018


  • 8/10/2019 Setting Up Implementation Users and SFTP for Releases 7 and 8

    1/45

    An Oracle White Paper

    May 2014

    Setting Up Implementation Users and SFTP for Releases 7 and 8

    Setting Up Implementation Users and SFTP: Releases 7 and 8

    Overview

    Overview: Setting up Required Implementation Users

    Introduction

    Create Implementation Users in Oracle Identity Manager (OIM)

    Synch Fusion HCM with Oracle Identity Manager (OIM)

    Create Data Roles in Fusion HCM

    Assign Security Profiles to Abstract Roles

    Define Role Mapping Definitions for Abstract Roles in Fusion HCM

    Create Generic Role Mapping Definitions for HCM Data Roles in Fusion HCM

    Assign Abstract and Data Roles to HCMUser in Oracle Identity Manager (OIM) & Change Service Administrator User Login

    Verify HCMUser (Functional Implementation) User Login

    Overview: Resetting your HCM SFTP Server Password

    Log on to the Oracle Cloud User Interface to Access the Identity Management Console

    Change the SFTP User Password

    Validate Your SFTP Server Login

    Overview

    This document provides instructions for Service Administrators of the HCM Cloud Service (or their delegates) to achieve two very important objectives in the implementation lifecycle:

    Setting up key implementation users and security profiles, required for both the initial implementation of the HCM Cloud Service and its ongoing maintenance, enhancement, and use over time.

    Resetting your Secure File Transfer Protocol (SFTP) password, required for managing certain inbound and outbound interfaces. Examples are the outbound HCM System Extract transactions and the Oracle Transactional Business Intelligence (OTBI) content.

    Both of these activities should be completed in order to begin implementing your HCM Cloud Service. As identified in this document, the need to perform these tasks is initiated when you receive e-mail notifications from Oracle that your environments have been provisioned and are available for use.

    Overview: Setting up Required Implementation Users

    Introduction

    As the defined Service Administrator for the HCM Cloud Service, you are the one person in your

    organization who has been provided with the URLs and passwords necessary to access the Service.

    You receive this information by way of a notification from Oracle after your HCM Cloud Service

    environments have been provisioned and released to you. This section of the document explains how

    to access your Cloud environments for the first time for the purpose of setting up the key users

    required for all subsequent access to the Service. The steps documented here must be performed prior

    to releasing an environment to your implementation team.

    This document provides step-by-step instructions for setting up three key implementation users:

    OIM Admin: The user provided to access Oracle Identity Management (OIM) through the HCM

    Cloud Service for key security-related functions.

    Technical Admin: The user provided to access the HCM Cloud Service to perform key technical

    duties, including setup and security-related functions within the HCM Cloud Service.

    Functional Admin: The user provided to access the HCM Cloud Service to perform key functional

    duties, including setup functions.

    Note that you will not be assigning real people to these users at this time because the HCM Cloud

    Service is not yet configured to support onboarding of workers. As you move forward with your

    implementation and set up your security configurations, you may choose to replace these initial

    implementation users or revise their definitions. For now, you should set up these three users exactly

    as defined in this document.

    This document provides step-by-step directions for setting up these users. Depending upon your

    specific role with the HCM Cloud Service implementation and the level of familiarity you have with

    navigating the Service, you may wish to work with a key implementation resource (e.g., your project

    manager or a delegate) to perform the tasks documented here. Oracle recommends that you log on

    initially and NOT share your Service Administrator log on credentials with anybody else.

    Some general information about the implementation user setup described in this document follows:

    1. Oracle recommends that you set up your implementation users in the Test environment first and

    migrate the setups to Production after they have been tested and validated. This also allows your

    project team to better understand the design and implementation details of security within the HCM

    Cloud service in a Test environment prior to establishing users in the Production environment.

    2. All of the security setup you perform as directed by this document can be changed later.

    3. Be sure to make a note of the passwords and challenge questions you create for the users created in

    this document.

    4. Check off each step as you complete it and be sure to follow these instructions exactly as

    documented.

    Create Implementation Users in Oracle Identity Manager (OIM)

    Summary: This activity creates the key implementation users required for your HCM Cloud Service

    implementation and assigns them the required job roles. The following users are created:

    OIMAdmin: OIM (Oracle Identity Manager) Admin

    TechAdmin: Technical Admin

    HCMUser: Functional Admin

    What you will need for this step: The service activation notification you received from Oracle which

    identifies Service URLs and Username/temporary password for the environment (Test or Production)

    for which you are setting up implementation users. Make sure you use the correct email for the

    environment you are setting up. The Identity Domain is the environment name. For example:

    HCMA would be the production environment and HCMA-TEST would be the Test Environment.

    Setup Steps:

    5. Log on to the HCM Cloud Service for the environment in which you are doing setup, using the

    Service Home URL provided to you in the service activation notification from Oracle Cloud. The

    URL ends with AtkHomePageWelcome or HcmFusionHome. Use your Service Administrator

    Username which is also identified in your service activation notification. The password will either

    be:

    a. The password identified in the service activation notification, if this is your first time

    accessing the HCM Cloud Service; or

    b. The new password you provided the first time you accessed the HCM Cloud Service.

    Note: The Username you log on with in this first step is yours as the Service Administrator and should

    not be shared with anyone else.

    6. If this is the first time you are accessing the HCM Cloud Service, you will be required to change your

    password and answer some challenge questions.

    a. Enter a new password, following the password policy guidelines on the screen.

    b. Answer the challenge questions.

    Make a note of your new password. This will be your Service Administrator password for all further

    access to the HCM Cloud Service. Also, make a note of the challenge questions and answers; they will

    be necessary in the event you forget your password.

    7. Create the OIMAdmin user

    a. From the Fusion Navigator (located at the upper-left of the screen), go to Tools >

    Setup & Maintenance.

    b. Click the down arrow next to the left of the word Tasks and search for Create

    Implementation Users.

    Click the Go To Task icon to start Oracle Identity Manager (OIM).

    c. Select the Administration menu (located at the top right of the page) and Select

    Create User.

    d. Set Last Name = OIMAdmin

    e. Set Organization = Xellerate Users and User Type = Non worker

    f. Set User Login = OIMAdmin and Password/Confirm Password = any value you

    choose, as long as it complies with the password policy; if it does not, you will be

    asked to provide a different password.

    g. Make a note of the assigned password. This user will be prompted to change the

    password when they login to Fusion Applications the first time.

    h. Save your work.

    i. After saving, you'll notice a set of tabs across the top of the page.

    j. Select the Roles tab.

    k. Click the icon to assign job roles. Search and add the following role: IT

    Security Manager: Provides general systems IT security access.

    l. Your setup should look like this example:

    m. Close the OIMAdmin user window with the Close Single Tab option.

    8. Create the TechAdmin user using the Create User option from the Administrative menu.

    a. Set Last Name = TechAdmin

    b. Set Organization = Xellerate Users and User Type = Non worker

    c. Set User Login = TechAdmin and Password/Confirm Password = any value you

    choose, as long as it complies with the password policy. If it does not, you will be

    asked to provide a different password.

    d. Make a note of the assigned password. This user will be prompted to change the

    password when he logs in to Fusion Applications for the first time.

    e. Click the Save button.

    f. After saving, you'll notice that a set of tabs across the top of the page for the user appears:

    g. Click the Roles tab.

    h. Click the icon to assign job roles. Search for and add the following

    roles:

    IT Security Manager: provides access to required security setup areas.

    Application Implementation Consultant: provides access to Administration

    menu and additional functional setup navigation items.

    Administrators: Weblogic access

    Application Diagnostics Administrator

    Application Diagnostics Advanced User

    i. Close the page by clicking this button located at the top-right of the page.

    9. Create the HCMUser user using the Create User option from the Administrative menu.

    a. Set Last Name = HCMUser

    b. Set Organization = Xellerate Users and User Type = Non Worker

    c. Set User Login = HCMUser and Password/Confirm Password = any value you

    choose, as long as it complies with the password policy; if it does not, you will be

    asked to provide a different password.

    d. Make a note of the assigned password. This user will be prompted to change the

    password when they login to Fusion Applications the first time.

    e. The page should look like this example:

    f. Click the Save button.

    g. After saving, you'll notice that a set of tabs across the top of the page for the user

    appears:

    h. Click the Roles tab.

    i. Click the icon to assign job roles. Search for and add the following

    roles:

    Application Administrator: Needed to audit trees, at a minimum.

    Application Implementation Consultant: Provides access to Administration

    menu and additional functional setup navigation items.

    Application Diagnostics Regular User: Needed to actually run diagnostics

    reports

    Application Diagnostics Viewer: Views diagnostics reports

    j. Close the page by clicking this button located at the top-right of the page.

    k. Sign out of the HCM Cloud Service.

    6. From the Process Details page, Click the Submit button and close this window.

    Create Data Roles in Fusion HCM

    Summary: This activity creates HCM data roles for the HCM-specific job roles you will need for the

    implementation users you are creating.

    What you will need for this step: N/A

    Setup Steps:

    1. From the previous step, you should still be logged in as the TechAdmin user.

    2. From the Fusion Navigator, go to Tools > Setup & Maintenance.

    3. Click the down arrow next to the left of the word Tasks and search for Manage Data Role and

    Security Profiles.

    Click the Go to Task icon.

    4. Create the HRAnalyst_ViewAll data role.

    a. From the search page, Click the Create icon.

    b. On the Data Role page, set Data Role = HRAnalyst_ViewAll and set Job Role =

    Human Resource Analyst.

    c. Click the Next button to go to the Security Criteria page.

    d. Set Organization Security Profile = View All Organizations

    Set Position Security profile = View all Positions

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Document Type Security Profile = View All Documents Types

    Set Flow Pattern Security Profile = View All Flows

    e. Click the Review button. Verify your data is correct.

    f. Click the Submit button.

    g. Search for the HCM data role you just created.

    h. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    If you do not see that the status is Complete, go no further. Instead, contact

    Oracle Support and describe what you are doing; CloudOps will resolve the

    underlying problem for you and you can continue.

    5. Create the HCMApplicationAdministrator_ViewAll data role.

    a. From the search page, click the Create icon.

    b. On the Data Role page, set Data Role = HCMApplicationAdministrator_ViewAll

    and set Job Role = Human Capital Management Application Administrator.

    c. Click the Next button to go to the Security Criteria page.

    d. Set Organization Security Profile = View All Organizations

    Set Position Security Profile = View All Positions

    Set Country Security Profile = View All Countries

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Document Type Security Profile = View All Documents Types

    Set Payroll Security Profile = View All Payrolls

    Set Flow Pattern Security Profile = View All Flows

    e. Click the Review button. Verify your data is correct.

    f. Click the Submit button. Search for the HCM data role you just created.

    g. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    6. Create the HRSpecialist_ViewAll data role

    a. From the search page, click the Create icon.

    b. On the Data Role page, set Data Role name = HRSpecialist_ViewAll and set Job

    Role = Human Resource Specialist.

    c. Click the Next button to go to the Security Criteria page

    d. Set Organization Security Profile = View All Organizations

    Set Position Security Profile = View All Positions

    Set Country Security Profile = View All Countries

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Payroll Security Profile = View All Payrolls

    Set Document Type Security Profile = View All Documents Types

    Set Flow Pattern Security Profile = View All Flows

    Set Workforce Business Process Security Profile = View All Workforce

    Business Processes

    e. Click the Review button. Verify your data is correct.

    f. Click the Submit button.

    g. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    7. If you have licensed the Fusion Workforce Compensation Cloud Service, create

    CompensationAdmin_ViewAll and CompensationMgr_ViewAll data roles. If not, skip to the next

    step.

    a. From the search page, click the Create icon.

    b. On the Data Role page, set Data Role name = CompensationAdmin_ViewAll and

    set Job Role = Compensation Administrator.

    c. Click the Next button to go to the Security Criteria page

    d. Set Organization Security Profile = View All Organizations

    Set Position Security profile = View All Positions

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Document Type Security Profile = View All Documents Types

    Set Payroll Security Profile = View All Payrolls

    Set Flow Pattern Security Profile = View All Flows

    e. Click the Review button. Verify your data is correct.

    f. Click the Submit button.

    g. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    h. From the search page, click the Create icon.

    i. On the Data Role page, set Data Role name = CompensationMgr_ViewAll and set

    Job Role = Compensation Manager.

    j. Click the Next button to go to the Security Criteria page

    k. Set Organization Security Profile = View All Organizations

    Set Position Security Profile = View All Positions

    Set Country Security Profile = View All Countries

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Document Type Security Profile = View All Documents Types

    Set Flow Pattern Security Profile = View All Flows.

    l. Click the Review button. Verify your data is correct.

    m. Click the Submit button.

    n. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    8. If you have licensed the Fusion Global Payroll Cloud Service or Fusion Payroll Interface Cloud

    Service, create PayrollAdmin_ViewAll and PayrollMgr_ViewAll data roles. If not, skip to the next

    step.

    a. From the search page, click the Create icon.

    b. On the Data Role page, set Data Role name = PayrollAdmin_ViewAll and set Job

    Role = Payroll Administrator.

    c. Click the Next button to go to the Security Criteria page.

    d. Set Organization Security Profile = View All Organizations

    Set Position Security profile = View All Positions

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Document Type Security Profile = View All Documents Types

    Set Payroll Security Profile = View All Payrolls

    Set Flow Pattern Security Profile = View All Flows.

    e. Click the Review button. Verify your data is correct.

    f. Click the Submit button.

    g. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    h. From the search page, click the Create icon.

    i. On the Data Role page, set Data Role name = PayrollMgr_ViewAll and set Job Role

    = Payroll Manager.

    j. Click the Next button to go to the Security Criteria page

    k. Set Organization Security Profile = View All Organizations

    Set Position Security profile = View All Positions

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View All People

    Set Public Person Security Profile = View All People

    Set Document Type Security Profile = View All Documents Types

    Set Payroll Security Profile = View All Payrolls

    Set Flow Pattern Security Profile = View All Flows.

    l. Click the Review button. Verify your data is correct.

    m. Click the Submit button.

    n. Verify that the status is "Complete". This means the data role was created correctly

    in HCM and OIM.

    Assign Security Profiles to Abstract Roles

    Summary: The HCM Cloud Service predefines Employee, Contingent Worker and Line Manager

    abstract roles. This activity establishes reasonable, start-point security profiles for these abstract roles.

    As you move forward in your production security set up, your team can change these initial setups.

    What you will need for this step: N/A

    Setup Steps:

    1. From the previous step, you should still be logged in as the TechAdmin user.

    2. From the Fusion Navigator, go to Tools > Setup & Maintenance.

    3. Click the down arrow next to the left of the word Tasks and search for Manage Data Role and

    Security profiles.

    Click the Go to Task icon.

    4. Assign security profiles to the Line Manager abstract role.

    a. Search Role = Line Manager

    b. Highlight the role and click the Assign button.

    c. Set Organization Security Profile = View All Organizations

    Set Position Security profile = View All Positions

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View Manager Hierarchy

    Set Public Person Security Profile = View All Workers

    Set Document Type Security Profile = View All Documents Types

    Set Flow Pattern Security Profile = View All Flows

    Set Workforce Business Process Security Profile = View All Workforce

    Business Processes

    d. Click the Review button. Verify your data is correct.

    e. Click the Submit button.

    5. Assign security profiles to the Employee abstract role

    a. Search Role = Employee

    b. Highlight the role and click the Assign button.

    c. Set Organization Security Profile = View All Organizations

    Set Position Security Profile = View All Positions

    Set Country Security Profile = View All Countries

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View Own Record

    Set Public Person Security Profile = View All Workers

    Set Document Type Security Profile = View All Documents Types

    Set Flow Pattern Security Profile = View All Flows

    d. Click the Review button. Verify your data is correct.

    e. Click the Submit button.

    6. Assign security profiles to the Contingent Worker abstract role.

    a. Search Role = Contingent Worker

    b. Highlight the role and click the Assign button.

    c. Set Organization Security Profile = View All Organizations

    Set Position Security profile = View All Positions

    Set Country Security Profile = View All Countries

    Set Legislative Data Group = View All Legislative Data Groups

    Set Person Security Profile = View Own Record

    Set Public Person Security Profile = View All Workers

    Set Document Type Security Profile = View All Documents Types

    Set Flow Pattern Security Profile = View All Flows

    7. Click the Review button. Verify your data is correct.

    8. Click the Submit button.

    Define Role Mapping Definitions for Abstract Roles in Fusion HCM

    Summary: This activity defines role mapping definitions for the predefined Employee, Contingent

    Worker and Line Manager abstract roles. The following setup creates reasonable, start-point

    definitions of how Fusion security determines when to automatically assign (provision) these roles to

    people. As you move forward in your production security set up, your team can change these initial

    setups.

    What you will need for this step: N/A

    Setup Steps:

    1. From the previous step, you should still be logged in as the TechAdmin user.

    2. From the Fusion Navigator, go to Tools > Setup & Maintenance.

    3. Click the down arrow next to the left of the word Tasks and search for Manage HCM Role

    Provisioning Rules.

    Click the Go to Task icon.

    4. Define role mapping definition for the Employee abstract role.

    a. Click the Create icon.

    b. Set Mapping Name = Employee

    c. Set System Person Type = Employee

    d. Set Assignment Status = Active

    e. Set Role Name (at bottom) = Employee (click the + icon to add this Role Name;

    search on Employee and select the existing Employee Role Name)

    f. Confirm that Autoprovision = On by default; if it has not, set it = On.

    g. Click the Save and Close button.

    5. Define role mapping definition for the Line Manager abstract role.

    a. Click the Create icon.

    b. Set Mapping Name = Line Manager

    c. Set System Person Type = Employee

    d. Set Assignment Status = Active

    e. Set Manager with Reports = Yes

    f. Set Role Name (at bottom) = Line Manager (Click the + icon to add this Role

    Name; search on Line Manager and select the existing Line Manager Role Name)

    g. Confirm that Autoprovision = On by default; if it has not, set it = On.

    h. Click the Save and Close button.

    6. Define role mapping definition for the Contingent Worker abstract role.

    a. Click the Create icon.

    b. Set Mapping Name = Contingent Worker

    c. Set System Person Type = Contingent Worker

    d. Set Assignment Status = Active

    e. Set Role Name (at bottom) = Contingent Worker (Click the + icon to add this

    Role Name; search on Contingent Worker and select the existing Contingent

    Worker Role Name)

    f. Confirm that Autoprovision = On by default; if it has not, set it = On.

    g. Click the Save and Close button.

    h. Click the Done button.

    Create Generic Role Mapping Definitions for HCM Data Roles in Fusion HCM

    Summary: This activity defines the eligibility criteria for assigning the HCM data roles you previously

    created to users. The following setup creates reasonable, start-point definitions of how Fusion security

    enforces eligibility when these roles are requested for users. As you move forward in your production

    security set up, your team can change these initial setups.

    What you will need for this step: N/A

    Setup Steps:

    1. From the previous step, you should still be logged in as the TechAdmin user.

    2. From the Fusion Navigator, go to Tools > Setup & Maintenance.

    3. Click the down arrow next to the left of the word Tasks and search for Manage HCM Role

    Provisioning Rules.

    Click the Go to Task icon.

    4. Click the Create icon.

    5. Set Mapping Name = Requestable Roles

    6. Set Assignment Status = Active

    7. At the bottom of the screen, select all of the data roles you previously created by choosing the +

    icon, choosing the down arrow, and searching on each data role. For each, select the Requestable

    check box, do not select Self-requestable, and uncheck Autoprovision.

    a. HRAnalyst_ViewAll (mandatory)

    b. HCMApplicationAdministrator_ViewAll (mandatory)

    c. HRSpecialist_ViewAll (mandatory)

    d. CompensationAdmin_ViewAll (only if you created this data role)

    e. CompensationMgr_ViewAll (only if you created this data role)

    f. PayrollAdmin_ViewAll (only if you created this data role)

    g. PayrollMgr_ViewAll (only if you created this data role)

    h. Click the Save and Close button to save this role mapping definition

    8. Click the Save and Close button to save this role mapping definition.
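
    The flag settings in step 7 matter because these are View All data roles: with Autoprovision on, everyone who meets the mapping's conditions would be assigned them automatically. The following is an added example, not part of the Oracle paper, that checks role mapping definitions against the values prescribed in this section and the preceding one. The record layout, function names and finding codes are assumptions, and the sample records are constructed.

```python
# Added example: audit role-provisioning rules against the settings in this paper.
# The mapping records are constructed sample data in a hypothetical layout;
# they are not an Oracle export format or API.

# "View All" data roles created in "Create Data Roles in Fusion HCM".
MANDATORY_DATA_ROLES = {
    "HRAnalyst_ViewAll",
    "HCMApplicationAdministrator_ViewAll",
    "HRSpecialist_ViewAll",
}
OPTIONAL_DATA_ROLES = {
    "CompensationAdmin_ViewAll", "CompensationMgr_ViewAll",
    "PayrollAdmin_ViewAll", "PayrollMgr_ViewAll",
}
DATA_ROLES = MANDATORY_DATA_ROLES | OPTIONAL_DATA_ROLES

# Abstract roles and the mapping conditions the paper sets for each.
ABSTRACT_ROLE_CONDITIONS = {
    "Employee": {"System Person Type": "Employee", "Assignment Status": "Active"},
    "Line Manager": {"System Person Type": "Employee", "Assignment Status": "Active",
                     "Manager with Reports": "Yes"},
    "Contingent Worker": {"System Person Type": "Contingent Worker",
                          "Assignment Status": "Active"},
}


def entry(role, requestable, self_requestable, autoprovision):
    """Build one role row of a mapping (hypothetical record layout)."""
    return {"role": role, "requestable": requestable,
            "self_requestable": self_requestable, "autoprovision": autoprovision}


def audit_mappings(mappings):
    """Return (mapping name, role, finding code) for every deviation found."""
    findings = []
    seen = set()
    for mapping in mappings:
        name = mapping["name"]
        for row in mapping["roles"]:
            role = row["role"]
            if role in DATA_ROLES:
                seen.add(role)
                # Data roles must be granted on request by someone else, never
                # automatically and never by the user's own request.
                if row["autoprovision"]:
                    findings.append((name, role, "AUTOPROVISION_ON"))
                if row["self_requestable"]:
                    findings.append((name, role, "SELF_REQUESTABLE_ON"))
                if not row["requestable"]:
                    findings.append((name, role, "NOT_REQUESTABLE"))
            elif role in ABSTRACT_ROLE_CONDITIONS:
                # Abstract roles are autoprovisioned, so the conditions decide
                # who receives them; they must match the documented values.
                if mapping["conditions"] != ABSTRACT_ROLE_CONDITIONS[role]:
                    findings.append((name, role, "CONDITIONS_DIFFER"))
                if not row["autoprovision"]:
                    findings.append((name, role, "AUTOPROVISION_OFF"))
    for role in sorted(MANDATORY_DATA_ROLES - seen):
        findings.append(("(no mapping)", role, "MISSING_MANDATORY"))
    return findings


# Constructed sample: three deliberate deviations from the paper's settings.
SAMPLE_MAPPINGS = [
    {"name": "Employee",
     "conditions": {"System Person Type": "Employee", "Assignment Status": "Active"},
     "roles": [entry("Employee", False, False, True)]},
    {"name": "Line Manager",  # "Manager with Reports = Yes" was left out
     "conditions": {"System Person Type": "Employee", "Assignment Status": "Active"},
     "roles": [entry("Line Manager", False, False, True)]},
    {"name": "Requestable Roles",
     "conditions": {"Assignment Status": "Active"},
     "roles": [
         entry("HRAnalyst_ViewAll", True, False, False),
         entry("HCMApplicationAdministrator_ViewAll", True, False, True),
         entry("HRSpecialist_ViewAll", True, True, False),
     ]},
]

if __name__ == "__main__":
    for mapping_name, role, code in audit_mappings(SAMPLE_MAPPINGS):
        print(f"{code:20} {mapping_name} / {role}")
```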

    Assign Abstract and Data Roles to HCMUser in Oracle Identity Manager (OIM) & Change Service Administrator User Login

    Summary: This activity assigns abstract roles (i.e., Employee, Line Manager, and Contingent Worker)

    and the data roles you previously created to HCMUser. Other important delivered roles (e.g.,

    Application Implementation Consultant, Application Administrator) were assigned to the HCMUser

    user when you created it previously. The following setup creates reasonable, start-point definitions.

    As you move forward in your production security set up, your team can change these initial setups.

    What you will need for this step: OIMAdmin password.

    Setup Steps:

    1. Log on to the HCM Cloud Service environment using the OIMAdmin Username and the password you created for this user previously.

    2. If this is the first time you are accessing the HCM Cloud Service as the OIMAdmin (it should be), you will be required to change your password and answer some challenge questions.

    a. Enter a new password, following the password policy guidelines on the screen.

    b. Answer the challenge questions as shown in the screen shot below.

    c. This will be the OIM Admin password for all further access to Oracle Cloud

    Services. Also, make a note of the challenge questions and answers; they will be

    necessary in the event the password for this user is forgotten.

    3. Click the Submit button.


    4. From the Fusion Navigator (located at the upper-left of the screen), go to Tools > Setup & Maintenance.

    5. Click the down arrow to the left of the word Tasks and search for Create Implementation Users. Click the Go to Task icon to start Oracle Identity Manager (OIM).

    6. Select the Administration option (located at the top right of the page).

    7. Under the Users section, select the Advanced Search - Users option.

    8. Search User Login Begins With HCMUser.

    9. From the search results, select HCMUser by clicking on the Display Name link. Go to the Roles tab. The following roles should already appear on the list of roles because you set these up when you created the HCMUser user earlier: All Users, Application Administrator, Application Diagnostics Regular User, Application Diagnostics Viewer, and Application Implementation Consultant.

    10. Click the Assign icon in order to assign the new data roles you've created.


    11. Click the Search button without providing any search criteria to see the list of all available roles.

    12. Select each row you wish to assign to the HCMUser from the search results and then press the Add button; you can select multiple rows.

    a. Select the Contingent Worker, Employee, and Line Manager roles.

    b. Select all of the data roles you previously created; this may include some or all of the following, depending upon which Cloud Services you have licensed:

    HRSpecialist_ViewAll

    HRAnalyst_ViewAll

    HCMApplicationAdministrator_ViewAll

    CompensationAdmin_ViewAll

    CompensationMgr_ViewAll

    PayrollAdmin_ViewAll

    PayrollMgr_ViewAll

    13. HCMUser will now have 10 - 15 data roles, depending upon which Cloud Services you have licensed. The sample below shows all 15 data roles. Confirm that you have assigned the data roles correctly. If you need to remove a role because you selected it incorrectly, select the role and press the Revoke button.

    14. Close the OIMAdmin user window with the Close Single Tab option.


    15. Reset your Service Administrator logon credentials for the HCM Cloud Service. The following steps are necessary to avoid later problems in your implementation when you, the Service Administrator, are loaded into the HCM Cloud Service as an employee. Note that you must use the User Login = ServiceAdmin for all future access to the HCM Cloud Service when acting in the Service Administrator role; you will no longer be using the User Login you received in the service activation notification.

    a. Under the Users section, select the Advanced Search - Users option.

    b. Search User Login Begins With . This is the User Login you received in the service

    activation notification. Note that the User Login information in the sample below

    will not match your User Login.

    c. From the search results, select your Service Administrator User Login by clicking on

    the Display Name link; this brings up the OIM page for maintaining users.

    d. Delete the value in First Name

    e. Set the Last Name = Service Admin

    f. Delete the value in Email

    g. Set User Login = ServiceAdmin


    h. Press the Apply Button.

    i. Close this page by choosing located at the top-right of the page.

    16. Sign out of OIM.

    17. Sign out of the Fusion HCM Cloud Service.


    Verify HCMUser (Functional Implementation) User Login

    Summary: This activity verifies that the security setup you have done for the HCMUser user is correct.

    What you will need for this step: HCMUser password.

    Setup Steps:

    1. Log on to the HCM Cloud Service environment using the HCMUser Username and the password you created previously for this user.

    2. As this is the first time you are logging on with this Username, you will be required to change the password and answer some challenge questions.

    a. Enter a new password, following the password policy guidelines on the screen.

    b. Answer the challenge questions.

    c. Make a note of your new password; this will be the HCMUser password for all

    further access to the environment in which you are currently doing setup. Also,

    make a note of the challenge questions and answers; they will be necessary in the

    event the password for this user is forgotten.

    3. Click the Submit button.

    4. Verify the following menu items by choosing the Navigator.

    a. For Talent customers, verify the Career Menu item appears.


    b. For Compensation customers, verify that Compensation and My Info > Total Comp Statement appear.

    c. For Payroll/Payroll Interface customers, verify that the Payroll menu appears.

    5. Sign out of the Fusion HCM Cloud Service.


    Overview: Resetting your HCM SFTP Server Password

    Your SFTP server is available as soon as your HCM Cloud Service environments are provisioned. As

    the Service Administrator, you (or a delegate) will assign a password to the HCM SFTP user and

    validate the SFTP server. You will access the Oracle Cloud UI to reset the HCM SFTP Server

    Password. Note that customers typically set up the SFTP server in the Test environment first and then

    reset the Production SFTP server password as needed.


    Log on to the Oracle Cloud User Interface to Access the Identity Management Console

    Summary: This activity logs you, the Service Administrator, on to the Oracle Cloud UI where you will change the temporary password that was provided to you when you received the service activation notification. Note that your Service Administrator Username is the same for both the HCM Cloud Service Application and the Oracle Cloud UI when your environments are initially provisioned, but these are two separate applications which do NOT share the same passwords unless you choose to make them the same.

    What you will need for this step: Service Administrator Username and password, your Identity Domain, and the MyServices Administration URL. This information is contained in the Welcome to the Cloud email notification.

    Setup Steps:

    1. Log on to the MyServices Administration site. The URL for this site is identified in the service activation notification as MyServices Administration URL. Use your Service Administrator Username and your Identity Domain. The password will either be:

    a. The password identified in the service activation notification, if this is your first time

    accessing the Oracle Cloud UI; or

    b. The new password you were required to provide, if you have accessed the Oracle

    Cloud UI before and changed the temporary password. If this is the case, skip to the

    Change the SFTP User Password section below.

    Note: The Username you log on with in this first step is yours, the Service Administrator. As with all Usernames and passwords, it is a best practice not to share your logon credentials with anyone else.


    2. As this is the first time you are accessing the Oracle Cloud UI, you will be required to change your password and answer some challenge questions.

    a. Enter a new password, following the password policy guidelines on the screen.

    b. Answer the challenge questions.

    Make a note of your new password. This will be your Service Administrator password for all further

    access to Oracle Cloud UI. Also, make a note of the challenge questions and answers; they will be

    necessary in the event the password for this user is forgotten.


    3. Select the Submit button.


    Change the SFTP User Password

    Summary: This activity changes the password for the SFTP user using security capabilities in My Services. This is necessary in order to validate your SFTP server in the activity after this one, titled Validate Your SFTP Server Login.

    Setup Steps:

    1. From the My Services Dashboard, select hcm in the list of active applications.

    2. Make a note of the following information from the page: Service SFTP Host & Port and HCM SFTP User Name.


    3. Select the Security button at the upper right of the page and then select the SFTP Users tab.


    4. Find the HCM SFTP User Name you noted above, select the icon to its right, and then select Reset Password.

    5. Enter a new password, confirm it, and press Save.

    6. Press Save in the confirmation dialog box to commit your new HCM Service SFTP User Name password. If the password you entered does not conform to the user name password policy, correct it and save again.


    Validate Your SFTP Server Login

    Summary: This activity validates your SFTP server for use.

    What you will need for this step: The HCM Service SFTP User Name, the password you just

    assigned, and the Service SFTP Host & Port you noted previously. You will also need to have an

    SFTP client installed on the machine from which you are working. Your business may have a

    preferred SFTP client software solution. Oracle makes no specific recommendation for which to use

    but common examples are WinSCP and PSFTP from PuTTY.

    Setup Steps:

    1. Create a new SFTP connection:

    a. Set Server FTP Host Name =

    b. Set SFTP Username =

    c. Set Connection Type/Protocol = SFTP, SSH/SFTP, or equivalents

    d. Set FTP Port =

    e. Set FTP Password =

    2. Verify that you successfully logged in and that you see the E_1 directory and the ftp_inbox link.

    3. Open E_1 and verify that you see the ftp_inbox directory (also linked to from the link one level up).
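    The layout check in steps 2 and 3 can be scripted so it is repeatable after each password reset. The following is an added example, not part of the Oracle white paper; it assumes the OpenSSH sftp client and a Unix-style `ls -l` long listing, the function names are hypothetical, and the sample listings (including the user name hcmuser) are constructed.

```shell
#!/bin/sh
# Added example: verify the E_1 / ftp_inbox layout from SFTP `ls -l` output.

# Print the type character (d, l or -) of entry $2 in listing text $1,
# or nothing if the entry is not listed.
entry_type() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 ~ /^[dl-][rwx-]/ {
            n = $NF
            # Links may be shown as "name -> target"; take the name part.
            for (i = 2; i <= NF; i++) if ($i == "->") n = $(i - 1)
            if (n == name) { print substr($1, 1, 1); exit }
        }'
}

# $1 = listing of the login directory, $2 = listing of E_1.
# Returns 0 only if E_1 is a directory, the top-level ftp_inbox is a link,
# and E_1 contains an ftp_inbox directory.
check_layout() {
    rc=0
    [ "$(entry_type "$1" E_1)" = d ] || { echo "E_1 directory missing" >&2; rc=1; }
    [ "$(entry_type "$1" ftp_inbox)" = l ] || { echo "ftp_inbox link missing" >&2; rc=1; }
    [ "$(entry_type "$2" ftp_inbox)" = d ] || { echo "E_1/ftp_inbox missing" >&2; rc=1; }
    return $rc
}

# Fetch one listing from a live server (not used by the sample data below).
# $1 = host, $2 = port, $3 = user, $4 = remote directory ("." for login dir).
# The password prompt goes to the terminal; StrictHostKeyChecking=yes makes
# the client refuse a server whose host key is not already in known_hosts.
fetch_listing() {
    printf 'cd %s\nls -l\n' "$4" |
        sftp -q -o StrictHostKeyChecking=yes -P "$2" "$3@$1"
}

# Constructed sample listings (not captured from a real service).
SAMPLE_TOP='sftp> ls -l
drwxr-x---    3 hcmuser  hcm          4096 May 01 10:00 E_1
lrwxrwxrwx    1 hcmuser  hcm            13 May 01 10:00 ftp_inbox -> E_1/ftp_inbox'
SAMPLE_E1='drwxrwx---    2 hcmuser  hcm          4096 May 01 10:00 ftp_inbox'

check_layout "$SAMPLE_TOP" "$SAMPLE_E1" && echo "SFTP layout OK"
```

    Against a real service, pass the output of fetch_listing for "." and for E_1 to check_layout, using the Service SFTP Host & Port and HCM SFTP User Name noted earlier.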


    Setting Up Implementation Users and SFTP

    Release 7 and 8

    May 2014

    Oracle Corporation

    World Headquarters

    500 Oracle Parkway

    Redwood Shores, CA 94065

    U.S.A.

    Worldwide Inquiries:

    Phone: +1.650.506.7000

    Fax: +1.650.506.7200

    oracle.com

    Copyright 2013, Oracle and/or its affiliates. All rights reserved.

    This document is provided for information purposes only, and the contents hereof are subject to change without notice. This

    document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in

    law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any

    liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This

    document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our

    prior written permission.

    Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

    Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and

    are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are

    trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.