Security Console

The Security Console is an administrative interface for security management.

Using the Security Console, you can manage the following:

Roles

Create, edit, and copy job, abstract, and duty roles:

For more information, refer to the previous post here.

View the roles assigned to a user and identify users who have a specific role:

To use the Security Console to identify all users who have a role:

  • Search for and select the role.

  • Set Expand Toward to Users.

  • The Visualization area shows the role and its hierarchy. In the refreshed visualization, solid blue squares identify users.

You can also see this information on the Users train stop when you edit a role.

Simulate Navigator

To help you design your roles, you can simulate the Navigator menu for a particular user or role:

When you click a menu entry you can view the roles that grant access to the entry and the privileges that are required. This feature is available regardless of whether the menu entry is available to the role or user.

The padlock icon means that the menu item is not available to this user or role.

Compare Roles

You can compare two roles of any type to identify differences and similarities in function security policies, data security policies, and inherited roles.

For example, you can compare the Benefits Administrator role with the Benefits Specialist role.

You can identify a combination of function security policies, data security policies, and inherited roles to compare.

You can view the security artifacts for both roles, or just those that appear in only one of the roles or only in both roles.

You can also copy a selected security policy from the first role to the second by clicking Add to Second Role. This is allowed only if the second role is a custom role.

Users

  • Create user accounts.
  • Review, edit, lock, or delete existing user accounts.
  • Compare users.
  • Assign roles to user accounts.
  • Reset users' passwords.

For more information, refer to the previous post here.

Analytics

On the Analytics tab you can view statistical and other information about roles.

For a role category, such as HCM - Job Roles, you can see these numbers:

  • Roles in the category
  • Role memberships, which are the roles that are inherited by roles in the category. These are listed when you select a role category.
  • Function security policies and data security policies granted to all roles in the category. Policies are displayed when you click the name of a role that is in the role category.

On the database resources tab of the Security Console analytics page, you can search for a data resource, and then view the data security policies that grant access to the database resource.

You can also view roles with direct or indirect access to the selected database resource, and view users who are assigned roles with access to the selected database resource.

In any of these tables, you can add or remove columns, search the results, or export the results to a spreadsheet.
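The direct and indirect access view described above, and the earlier Expand Toward Users lookup, both come down to walking the role hierarchy. The following Python sketch is an added example, not Oracle code or part of the original post; it reproduces that lookup offline over rows shaped like an exported spreadsheet. All role, user, and resource names are constructed, and the column layout is an assumption.

```python
from collections import defaultdict

# Constructed sample rows (assumed export layout; all names are hypothetical).
# (role, inherited_role): the role receives everything the inherited role grants.
ROLE_INHERITANCE = [
    ("BENEFITS_ADMINISTRATOR_JOB", "BENEFITS_ENROLLMENT_DUTY"),
    ("BENEFITS_SPECIALIST_JOB", "BENEFITS_ENROLLMENT_DUTY"),
    ("BENEFITS_ENROLLMENT_DUTY", "PERSON_LOOKUP_DUTY"),
    ("HR_ANALYST_JOB", "PERSON_LOOKUP_DUTY"),
    ("PAYROLL_CLERK_JOB", "PAYSLIP_VIEW_DUTY"),
]
# (role, database_resource): data security policies granted directly to a role.
DATA_SECURITY_POLICIES = [
    ("BENEFITS_ENROLLMENT_DUTY", "DEMO_ENROLLMENTS"),
    ("PERSON_LOOKUP_DUTY", "DEMO_PERSONS"),
]
# (user, role): direct role assignments.
USER_ROLES = [
    ("alice", "BENEFITS_ADMINISTRATOR_JOB"),
    ("bob", "HR_ANALYST_JOB"),
    ("carol", "PAYROLL_CLERK_JOB"),
    ("dave", "PERSON_LOOKUP_DUTY"),
]

def roles_with_access(resource, policies=DATA_SECURITY_POLICIES,
                      inheritance=ROLE_INHERITANCE):
    """Map each role that reaches `resource` to 'direct' or 'indirect'."""
    inherited_by = defaultdict(set)  # inherited role -> roles that inherit it
    for role, inherited in inheritance:
        inherited_by[inherited].add(role)
    access = {role: "direct" for role, res in policies if res == resource}
    pending = list(access)
    while pending:
        current = pending.pop()
        for parent in inherited_by[current]:
            if parent not in access:  # visited check also stops cycles
                access[parent] = "indirect"
                pending.append(parent)
    return access

def users_with_access(resource, user_roles=USER_ROLES):
    """Map each user to the (role, access type) pairs that reach `resource`."""
    access = roles_with_access(resource)
    found = defaultdict(list)
    for user, role in user_roles:
        if role in access:
            found[user].append((role, access[role]))
    return {user: sorted(pairs) for user, pairs in found.items()}
```

Running `users_with_access` for each sensitive resource gives a list that can be checked against the users the console reports during an access review.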

Certificates

You can manage certificates in X.509 and PGP formats. You can:

  • View certificate details.

  • Import existing certificates from certificate authorities, and export certificates for signing by a certifying authority or for use in other certificate systems.

  • Delete deactivated certificates.

  • Generate PGP certificates.

User Categories

With user categories, you can categorize and segregate users based on your functional and operational requirements. They provide you with the option to group a set of users such that specified settings apply to everyone in that group. All existing users are automatically assigned to the DEFAULT user category unless otherwise specified.

Scenarios for Creating User Categories

  • Organizations have unique user management policies.
  • Password reset policies are not the same for all users.
  • Different groups of users have their own preferences for receiving notifications.


Details

Password Policy

Password policies can be configured for each user category. Some examples for password policies are:

  • The number of days user passwords are valid
  • Days before password expiration notification
  • Password complexity requirements
  • Disallow last password
  • Whether an administrator can manually reset passwords
Notifications

Notifications can also be configured for each user category.

Users are notified automatically about user account and password events.

These notifications are based on templates. Many are predefined, but you can create your own templates.

For a notification to be sent, notifications must be enabled.

After enabling notifications, you can then disable specific notifications that you do not want sent.

You can manage notifications by user category. You can enable and disable notifications based on the needs of the users in that category.

Users

Single Sign-on

You can provide users with a seamless single sign-on experience across different internal and external applications when you set up Oracle Applications Cloud as a single sign-on service provider. When you do this:

  • Oracle Applications Cloud, which is set up as a service provider, sends a verification request to the user's identity provider which has been added to the Security Console.
  • The identity provider verifies the user credentials and sends the authorization and authentication response back to the service provider.
  • After successful authentication, users are granted access to the required application or web page.
  • When users sign out from one application, they're automatically signed out from all applications on the network. This is to prevent unauthorized access and to ensure that data remains secure all the time.

You configure an identity provider to support authentication when users need to access different internal and external applications.

Identity Provider Details include:

  • The sign out URL where users are redirected to once they sign out from the application.
  • The Name ID Format, which can be an email, for example.
  • The relay state URL where users are directed to sign in and authenticate irrespective of which application they want to access.

API Authentication

You use the API Authentication tab to configure inbound and outbound authentication so that third-party users can access services of the application.

Oracle Applications Cloud supports the JSON Web Token (JWT), Security Assertion Markup Language (SAML), and Security Token Service (STS) tokens for inbound authentication.

For outbound authentication, the application supports JWT Custom Claims and the OAuth protocol.

Administration

  • On the Roles tab of the Administration page, you can use Role Preferences to specify default prefix and suffix values for copied roles. When you copy a role, these are added to the copied role name and role code.
  • The number of nodes visible in a graph can be very high. You can limit the number of nodes by setting the Graph Node Limit option.
  • To show the graphical format of a role hierarchy by default, deselect Enable default table view.


There are two security artifacts that you can't manage using the Security Console.

  • You can't use the Security Console to manage HCM data roles. Although you can review HCM data roles in the Security Console, you manage them using the Data Role and Security Profiles task.
  • You can't use the Security Console to manage aggregate privileges. All aggregate privileges are predefined and you can't create, copy, or edit them.
