My Oracle Support Banner

Questions on REST APIs Use for Security Management User Access Management (Doc ID 2547505.1)

Last updated on APRIL 19, 2021

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 8.0.5 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Analytical Applications Infrastructure (OFSAAI)

Goal

Question 1: SailPoint Integration with OFSAA 8.0.5 for User Access management

Based on an enterprise wide push to have SailPoint implemented for all Active applications, have reviewed Document 1541396.1 Can User Authorization Be Done Outside Security Management System:

1. Will the document referred in the Doc ID above, i.e. User_Provisioning_API.docx applicable to OFSAA 8.0.5 as well?
2. As part of OFSAA 8.0.5.X has there been introduced any inherent features/API's (apart from Web services) to integrate third party user management tools?
3. Can the Third Party tool be allowed to edit the OFSAA CSSMS_* tables directly? Will this lead to Support issues.
 
Question 2: Is new group creation or group level maintenance activities supported via REST API's?
 
Question 3: Is there at least an Account group aggregation API to pull all entitlements (groups) within the application? To add some context here, if the person initiating REST API needs to know what all are the available Groups for User-Group mapping and their description, how do they get that?
 
Question 4: Is it required to create a separate User id for the third party IAM to be able to use REST API? If yes, what all groups/roles should that user id be given?
 
Question 5: REST API's presently support the below functionalities.
1. Create User
2. Update User
3. Delete User
4. Authorize user
5. Re-instate user
6. Map user to group

Now, if an employee leaves a firm and the user should be deleted from OFSAA, ideally Functionality #3 would be used to Delete user.
However, one cannot delete a user until the user is unmapped from all user-user group maps.

But via REST API, facility to un map user is not provided. Can the unmap user functionality be included in REST APIs?

Question 6: What options are available for user provisioning (add, delete, enable, disable, password change, map/unmap group) within OFSAA?

1. Manual UI
2. REST API
3. OIM Connector
4. userpasswordreset
5. useraction

Are there other methods than the above that can facilitate user provisioning (add, delete, enable, disable, password change, map group / unmap group)?

Question 7: Regarding "userpasswordreset": Is there a way to bypass the interactive prompts?

Question 8: Regarding "useraction": What actions other than enable/disable are available?

Question 9: Regarding REST API for user maintenance.

Update User:
When attempting to update a user the user name is required else it will default to user id.
When attempting to update a user the user start date is required else it will default to SYSDATE.

Are these expected use cases?

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.