Editor Jan. 12, 2007 Update: Oracle Identity Management 10g 10.1.4.0.1 is now certified with the E-Business Suite.
I've now devoted several articles to managing E-Business Suite users with Oracle Internet Directory 10g. But what about situations where you need to manage Oracle Human Resources employees in Oracle Internet Directory? Or create E-Business Suite accounts automatically for new employees? That's where the Oracle HR Agent comes into the picture.

For starters, let's distinguish between users and employees:
USER: An E-Business Suite user is someone who needs to be able to log into Apps. That user might need to file expense reports, view her payslip, or file purchase requisitions. All E-Business Suite users have userids and records in the FND_USER repository, and have associated responsibilities that govern the functions and data that they can access.
EMPLOYEE: An employee is someone whose information is managed by the Human Resources module in the E-Business Suite. Oracle Human Resources tracks information like employee numbers, manager hierarchies, and other personally identifiable information like birthdates.
Employees aren't Necessarily Users
Not all employees are users, and vice versa. For example, a major
retailer might use the E-Business Suite's Human Resources modules to
manage employee information for their cashiers, but those cashiers may
not be authorized to log into the E-Business Suite at all.
When Worlds Overlap
From an organizational standpoint, this distinction makes a lot of sense. The HR department manages employees, and the IT department manages E-Business Suite accounts.
But what happens when those worlds overlap? Following the example above, what about a scenario where the cashiers are permitted to view their payslips via the Self-Service Human Resources module?
In this scenario, the same person would be represented in two places:
- In the Human Resources module
- In the Apps FND_USER repository
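A reconciliation check for the two representations described above, as an added example that is not from the original article or from Oracle. The record layout, field names and sample rows are constructed assumptions, not real HR or FND_USER columns.

```python
from datetime import date

# Constructed sample rows. Field names are hypothetical stand-ins for an HR
# extract and an FND_USER extract; they are not real column names.
HR_EMPLOYEES = [
    {"employee_id": 101, "terminated_on": None},              # cashier, no login
    {"employee_id": 102, "terminated_on": None},
    {"employee_id": 103, "terminated_on": date(2006, 7, 31)},
    {"employee_id": 105, "terminated_on": date(2006, 6, 30)},
]
FND_USERS = [
    {"user_name": "BCASHIER", "employee_id": 102, "end_date": None},
    {"user_name": "CCLERK", "employee_id": 103, "end_date": None},
    {"user_name": "DCLERK", "employee_id": 104, "end_date": None},
    {"user_name": "EMANAGER", "employee_id": 105, "end_date": date(2006, 6, 30)},
    {"user_name": "SYSADMIN", "employee_id": None, "end_date": None},
]
TODAY = date(2006, 8, 18)  # constructed evaluation date


def is_active(user, today):
    """An account is active until its end date has been reached."""
    return user["end_date"] is None or user["end_date"] > today


def reconcile(employees, users, today):
    """Classify every record by how the two repositories agree about it."""
    by_id = {e["employee_id"]: e for e in employees}
    linked = set()
    report = {"employees_without_account": [], "accounts_without_employee": [],
              "dangling_link": [], "active_after_termination": []}
    for user in users:
        emp_id = user["employee_id"]
        if emp_id is None:                      # a user who is not an employee
            report["accounts_without_employee"].append(user["user_name"])
            continue
        emp = by_id.get(emp_id)
        if emp is None:                         # link points at no HR record
            report["dangling_link"].append(user["user_name"])
            continue
        linked.add(emp_id)
        left = emp["terminated_on"]
        if left is not None and left <= today and is_active(user, today):
            report["active_after_termination"].append(user["user_name"])
    report["employees_without_account"] = sorted(set(by_id) - linked)
    return report


if __name__ == "__main__":
    for finding, items in reconcile(HR_EMPLOYEES, FND_USERS, TODAY).items():
        print(f"{finding}: {items}")
```

The first two categories are the expected, benign cases the article describes; the last two are the ones worth reviewing, since they mean the account repository has drifted from the HR record.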
Creating Employee Entries in Oracle Internet Directory
It's possible to use the Oracle Internet Directory Human Resources connector to push employee information from Oracle HR to Oracle Internet Directory.

You can export a subset of employee data from Oracle Human Resources into Oracle Internet Directory. The connector includes both a prepackaged integration profile and an Oracle Human Resources agent that handles communication with Oracle Internet Directory.
You can schedule the Oracle Human Resources connector to run at any time, configuring it to extract incremental changes from the Oracle Human Resources system. You can also set and modify mapping between column names in Oracle Human Resources and attributes in Oracle Internet Directory.
Exportable HR Attributes
There's a long list of HR employee attributes that you can send to Oracle Internet Directory, including:
- First name, last name
- Title
- Sex
- Date of birth
- Employee number
- Email address
- Others...
If you recall from a previous article, you can synchronize user information between Oracle Internet Directory and the E-Business Suite's FND_USER like this:

Therefore, it's possible for employee information to make a round-trip like this:


Not In the Opposite Direction
This architecture would support a business flow where a new employee is registered in E-Business Suite Human Resources by the HR department. That employee's information is then propagated via Oracle Internet Directory to FND_USER, where an IT administrator grants the appropriate Apps responsibilities to the user.
The opposite direction is not supported. It is not possible to have an employee created in Oracle HR based upon a new user entry in Oracle Internet Directory.
Useful for You?
I've heard anecdotal reports that this is a common use case, but actual customer sightings of this in the wild have been rare. If you're using this setup now, or are interested in using this setup, please drop me a line; I'd be very interested in hearing about your requirements.
Related
- Oracle Identity Management Integration Guide 10g (10.1.2.0.2)
- Integrating Oracle Human Resources with Oracle Application Server 10g (OTN Tutorial)
- In-Depth: Using Single Sign-On 10g with E-Business Suite Release 11i
Comments (15)
Good point, Francois. Thanks for noting that.
Regards,
Steven
Posted by Steven Chan | August 18, 2006 8:00 AM
I think you should generalize the HR function to work with a registry of 'Persons', not employees.
In the same way that not all users are employees, human resources must manage people working for/within an organization who are not necessarily employees, such as contractors, temporary staff, etc.
It is after all Human Resources, not Corporate Resources. ;-)
--
François Gendron
Senior Oracle Applications Consultant
La Société d'Informatique Gendron Inc.
(514) 212-3994
Posted by François Gendron | August 18, 2006 8:33 AM
Steve, we had built a concurrent process that disables fnd_user for employees that had been retired; we'll be testing this solution to replace our custom code. One thing we’re interested in too is the possibility to send an alert when an employee has changed his assignment, because sometimes this could be a risk if the employee keeps the previous responsibilities that give him access to some system options. It would be nice to have this type of alert too.
Posted by Eduardo | August 19, 2006 2:03 PM
Eduardo,
That's an intriguing use-case; I'd be interested to hear how this works out for you.
I'll pass on your comment about assignment changes to the HR Agent product management team. If you'd like to request this functionality formally, I'd recommend filing an enhancement request via a Service Request so that we have a formal record backed by your customer ID, too.
Good luck with your implementation.
Regards,
Steven
Posted by Steven Chan | August 21, 2006 9:56 AM
Steven,
Does the same apply to suppliers, clients and prospects from Apps table?
I want all the contact info from these different "persons" to be available in the Collaboration Suite email global directory.
Thanks
Andrew
Posted by Andrew | September 19, 2007 8:01 AM
Hi, Andrew,
Sorry for the delay in responding. I've been working through my post-vacation backlog.
No, the OID HR Agent doesn't synchronize suppliers, clients, or prospects from the E-Business Suite to Oracle Internet Directory. I believe that those entities are handled in the TCA tables. As far as I'm aware, we haven't built any automated capabilities to provision those entities to Oracle Internet Directory. You may wish to log an enhancement request with details about the business scenario you'd like to be able to support. Feel free to forward the ER number to me when you've logged it.
Good luck with your implementation.
Regards,
Steven
Posted by Steven Chan | October 5, 2007 11:23 AM
Steven,
I started to implement this flow, only to find that the OID connector to FND_USER was unable to populate the employee field on FND_USER, and ended up with duplicated records on the HZ tables. This was back on SSO RUP2. Since then we are using a custom component to do this until the OID connectors can provide this.
I don't know how much of this is implemented in the latest SSO RUPs, but it would be nice to have the FND_USER connector understand that the OID entry belongs to an employee and associate the FND_USER entry to the existing person and person party.
Regards,
Luis
Posted by Luis Freitas | February 20, 2008 1:50 PM
Luis,
Thanks for your comments. This sounds more like a bug with the earlier SSO RUP than a functional limitation. Our OID - FND_USER synchronization provides the option to automatically link OID users with their corresponding FND_USER entries. The primary requirement for this to work is that the OID and FND_USER userids be the same, after which they'll be linked via the same Global Unique Identifier (GUID).
This is documented in Note 261914.1 in more detail. If you continue to encounter problems with the latest SSO RUP (detailed in Note 233436.1), I'd suggest logging a formal Service Request in Metalink to engage one of our SSO integration specialists.
Regards,
Steven
Posted by Steven Chan | February 20, 2008 2:03 PM
Hi,
Our solution consists of Oracle EBS HR for employee management and Oracle IAM Suite for user management.
The roles in our solution architecture go like this:
1. HRMS is responsible for PERSON lifecycle
2. OIM (Identity Manager) is responsible for USER lifecycle on various target systems, e.g. EBS and OID.
Now when trying to implement this, all that is needed is SSO registration between EBS and OSSO to also achieve single sign-on. I've tried to use the script TXKRUN.PL -SCRIPT=SETSSOREG -REGISTERSSO=YES to achieve this. The script runs fine and EBS appears as a partner application on OSSO. The problem is that when the script is run, no users can be created in EBS and the error: LDAP_WRAPPER_CREATE_USER_FAIL(USER_NAME=FOO) (REASON=ORA-20001: Unable to call fnd_ldap_wrapper.create_user due to the following reason:
OID is not registered correctly. Please contact system administrator.) is thrown. Is there a way to avoid this? My USER creation should be handled by OIM not EBS.
Posted by Markku | September 8, 2008 11:19 PM
Hi, Markku,
1. It's fine to consider OIM the master source-of-truth for user information. OID can receive updates from OIM, which are then pushed down to your EBS environment from OID. This would mean that you configure your EBS-OID integration to propagate changes unidirectionally from OID to EBS only.
2. Your error message strongly implies that the OID-EBS synchronization integration isn't configured properly yet. I would recommend logging a formal Service Request via Metalink against the AOL team; this will get one of our EBS Single Sign-on specialists engaged with this one.
Feel free to drop me an email with your SR # if it gets bogged down in some way.
Regards,
Steven
Posted by Steven Chan | September 10, 2008 8:14 AM
Thanks for all your contributions so far in ameliorating the pains we face at our respective offices.
I would want to know if there is a way where an administrator who logs in as oracle in the Oracle database will have a unique user id that can be linked to him, and also if there is a way of tracking every job done in the database by the same administrator, i.e., a comprehensive log of all the activities carried out in the Oracle database.
Posted by omon'ice | October 16, 2008 8:26 PM
Hi,
We have a scenario wherein we have OID synchronized with EBS and have to introduce OIM for EBS account provisioning.
Please help me understand:
In this scenario OIM needs to create the account in the FND_USER table and that will get it synchronised with OID. - Use EBS connector
Or create an account in OID (use OID connector) and get it synced with EBS.
Posted by Venky | January 7, 2009 1:35 AM
Hi, Venky,
We're still working on our OIM integration into an environment that already has EBS and OID in place. Until then, I don't have a lot of experience-based (and hence, officially supportable) guidance that I can provide here.
The potentially tricky thing about introducing OIM is to ensure that there are no conflicts with the existing EBS+OID synchronisation.
If you're brave enough to try this in advance of the publication of our best-practices recommendations, then I'd suggest that the choice of OIM connector depends on your current EBS+OID provisioning cardinality.
In other words, if you've currently selected the "EBS to OID" provisioning path, then OIM should push its newly-created users into EBS.
Likewise, if you've currently selected the "OID to EBS" provisioning path, then OIM should push its newly-created users into OID.
Good luck with this integration. Please feel free to share your experiences here or via a private email to me.
Regards,
Steven
Posted by Steven Chan | January 8, 2009 12:49 PM
Hi Steven,
Thanks a lot for the comment.
Also, what is the minimum privilege OIM can have to create and modify accounts in OID and EBS? - apart from sys admin.
Thanks.
Posted by venky | January 9, 2009 2:29 AM
Hi, Venky,
As I mentioned, I'm afraid that I don't have a lot of hands-on experience with OIM yet. Until we've published our EBS best practices paper (no ETA yet), your best bet would be to log a formal Service Request via Metalink against the OIM product to get help with this.
Regards,
Steven
Posted by Steven Chan | January 9, 2009 10:52 AM