EBS User Name Not Matching To IDCS or AD username
(Doc ID 2777348.1)
Last updated on JUNE 12, 2023
Applies to:Identity Cloud Service (IDCS) - Version N/A and later
Information in this document applies to any platform.
When using different attributes for federating with IDCS a custom attribute can be added for the EBS asserter.
Customer has an active directory federation with IDCS and EBS Asserter uses IDCS for authentication. The EBS application expects the name format to be 'uname' and the typical format for federation is to use an 'firstname.lastname@example.org'. Due to the fact that the customer had merged several directories, a third attribute needed to be mapped to the EBS asserter from AD through to EBS.
idcs.user.identifier in the bridge.properties file from the EBS Asserter
EXCERPT FROM INSTRUCTIONS
This is an optional parameter. The Oracle Identity Cloud Service user attribute used to match with ebs.user.identifier. Allowed values are username (representing the username attribute in Oracle Identity Cloud Service), email (representing the email attribute in Oracle Identity Cloud Service), custom attribute name (representing the custom attribute of a user in Oracle identity Cloud Service e.g: employee_no). If this value is not provided in bridge.properties, then it will be defaulted to the value of ebs.user.identifier. Ensure that there is one-to-one mapping between the idcs.user.identifier attribute in Oracle Identity Cloud Service to the ebs.user.attribute attribute in FND_USERS otherwise the login will fail.
The custom attribute feature is available in EBS Asserter version 20.1.3 onwards
NOTE: The attribute in IDCS MUST be a Custom Attribute that is created and populated in the directory.
1. From IDCS console, go to Settings, and then select Schema Management.
2. Click Edit User, and then click Add.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document