This document will continue to evolve as existing sections change and new information is added. All updates are logged below, with the most recent updates at the top.
25 JUL 2017
Oracle Financial Reporting Compliance:
New feature delivered in Update 8 (August), which will also be included in the August Quarterly update.
24 MAY 2017
New feature delivered in Update 6 (June), which will also be included in the August Quarterly update.
21 APR 2017
New feature delivered in Update 5, the May Quarterly update.
05 DEC 2016
Initial Document Creation
At Oracle, delivering products that reflect a superior and secure user experience is the result of an enormous investment. To understand your pain points, we spent countless hours examining how people like you actually work and use our enterprise applications. We then work closely with product management, security experts, strategy, and development to design innovative applications that help you to be more productive, secure, efficient, and effective.
Oracle Fusion Applications Security provides a single console where IT Security Managers and Administrators can perform various functions including user lifecycle management, role definition, security policy management (both functional and data), role hierarchy maintenance, username and password policy administration, and certificate management. The console also enables users to simulate the effect of security changes, to run security reports, and download a connector for integration with Microsoft Active Directory.
In Release 12, Oracle Fusion Applications Security offers several new capabilities that offer customers the following benefits:
- A Simplified User Experience for the IT Security Manager - Prior to Release 12, security administration functions were distributed across Oracle Identity Management (OIM) and Authorization Policy Manager (APM). In Release 12, these functions are delivered through a single interface – the Security Console. OIM and APM are no longer available in R12.
- Easy Integration with Identity and Access Management (IDM/IAM) Systems - New capabilities to synchronize user account information with Identity and Access Management (IDM/IAM) systems. This synchronization enables the delivery of a Single Sign-On experience through these systems.
- An Upgrade-Safe Reference Role Model - Starting in Release 12, pre-defined roles that are shipped with Oracle Applications Security will be locked down. Customers will not be able to modify the functional and data security policies that are associated with these roles. They can, however, add new data security policies to these pre-defined roles. In addition, privileges and resources are protected. Users cannot create or modify these artifacts
- Enhanced Set of Self-Service Capabilities - Administrators are able to manage the entire user lifecycle. They can customize how notifications are generated and sent for various user lifecycle events including user account creation, and password management.
For Microsoft Active Directory (AD) and Oracle Identity Management (OIM), customers can download and install connectors that will automatically synchronize user account information between Oracle Fusion Applications and these IDM systems. As in Release 11, customers must continue to log a Service Request (SR) to set up federated Single Sign-On (SSO) between these systems. Once federation is enabled, the connectors will synchronize the information.
Release 12 also delivers a REST API based on the SCIM (System for Cross-Domain Identity Management) standard. Customers can use this API to create user accounts, modify user attributes (e.g. email), enable/disable users, and fetch user account and role information.
Locking down these security artifacts enables safe upgrades to pre-defined roles, since the possibility of conflict with customer introduced changes to these roles is now eliminated. This, in turn enables customers to safely adopt new enhancements that may be delivered with pre-defined roles in future releases. As in Release 11, customers can make copies of pre-defined roles and freely customize these copies.
Administrators can also tailor username and password generation by choosing from a list of shipped policies.
Create, manage, and assign user accounts using the Security Console. You can also search, retrieve, and manage user accounts automatically created for employees, contingent workers, supplier contacts, or partner contacts.
Manage passwords of other user accounts as an administrator. You can auto-generate or manually enter a password for a user account. You can also define password lifecycle and complexity policies. Passwords will be automatically validated against these policies.
View only certain components of a role in the graphic visualizer. You can view only the privileges, aggregate privileges or roles assigned to a role. You can also view the graphic visualizer in full screen mode and pan over a specific region in the graph.
For complex roles, these features enable you to reduce the amount of information visualized and to focus on the area within the role hierarchy that requires your attention.
Define user name generation rules that will be used to auto-generate the user name when a user is created. You can define user name generation rules to be based on the user’s first and last names, first initial plus last name, e-mail or person or party number. You can also choose to use a system generated user name if the rule fails to generate a user name.
Define policies for password management. These policies can define the duration for various password lifecycle events like password expiration and password warning generation. You can also set the complexity of generated passwords by choosing from a pre-defined list of rules.
Define custom notification templates for your user account life cycle events. You can also use pre-defined notification templates. These templates will be used to generate notifications for events like user account created, user password reset and user password expiry warning.
Identify a predefined (factory shipped) Oracle role when viewing the role. Predefined Oracle roles are locked and you cannot customize the Oracle delivered functional and data security policies associated with these roles. You can, however, add data security policies to these roles.
Simplify Single Sign-On with Microsoft Active Directory by downloading and installing the Active Directory Bridge from the Security Console. Automatically synchronize user account information between Oracle Fusion Applications Security and Microsoft Active Directory.
Enhanced password reset flow. Now a notification email will be sent to the user who requests a password reset. The user will be required to click on this link within a specific period of time to change the password. This replaces the previous flow where users were required to answer a series of challenge questions to reset the password.
Streamline use of some of the functionality that you have used in the past with the Security Console. The Security Console now includes the following functionality:
- User Account information such as password, lock and unlock are managed in the security console.
- Roles are now managed directly in the Security Console and are no longer managed within Oracle Identity Manager or Authorization Policy Manager.
- Privileges are predefined by Oracle and are no longer created or managed by the user.
- You can now view, create or change roles without first selecting an application.
Resources are now granted through privilege and are no longer granted directly to Roles.
Oracle Risk Management Cloud offers Financial Reporting Compliance, which documents your policies for identifying and resolving risk in your financial processes.
Changes have been made to jobs that run in Oracle Risk Management Cloud to synchronize users, roles, worklists, and other related security artifacts. The following changes have been made to areas under Risk Management Tools, Setup and Administration:
- A User and Role Security Synchronization job initiates predefined security objects when you set up applications in Risk Management Cloud. Subsequently, as you modify users or roles, this job synchronizes user and role definitions. Schedule this job to run regularly.
- A Worklist Security Synchronization job ensures that as user and role definitions change, users have appropriate access to worklists (notifications of tasks to be completed). Schedule this task to run regularly. However, the User and Role Security Synchronization job should always run first.
- These jobs replace jobs that no longer exist. The obsolete jobs include:
- Initiate Predefined Mappings, which had run from the Security Configuration page.
- Schedule Security Optimization, which had run from the Application Configuration page.
Changes have been made to some predefined duty roles in Oracle Risk Management Cloud Release 12. When you are upgrading from Release 11 to Release 12, review and compare any custom duty roles that used a copy of a predefined role and evaluate if any changes are necessary in Release 12.
While Risk Management provides robust functionality as delivered, you can use Page Composer to make changes to it, if necessary. Risk Management has now been enabled to work with the common Page Composer tool.
Oracle Financial Reporting Compliance Cloud consolidates the process of documenting and assessing your business practices to satisfy financial reporting regulations, such as Sarbanes-Oxley and equivalent laws around the world and in the public sector. You can:
- Identify and assess financial reporting risk enterprise-wide.
- Respond to risks by selecting, assessing, testing, and strengthening financial reporting controls.
- Determine control and operational effectiveness accurately and comprehensively.
- Review and remediate issues for both control failures and audit findings.
- Certify controls and financial reports.
Search regions for Financial Reporting Compliance object management pages, such as processes, risks, controls, and issues, has been moved to the left side of each page.
Financial Reporting Compliance delivers two subject areas that allow creation of analyses based on Financial Reporting Compliance data. These include Risk Management Cloud - Compliance Real Time and Risk Management Cloud - Assessment Results Real Time.
Copyright © 2016, 2017, Oracle and/or its affiliates. All rights reserved.
This document is provided for information purposes only, and the contents hereof are subject to change without notice.This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced ortransmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.