How can we use Oracle Fusion HCM application extensions to authorize an IAM OAuth client?
Summary:
We need to call an Oracle Fusion HCM REST API endpoint using an OAuth client WITHOUT creating a "shadow account" in HCM to match the OAuth ClientID. We believe this is possible using the new(ish) "application extensions" feature within the HCM security console. We can assign an HCM role DIRECTLY to the OAuth application using this feature. We set up a test case:
- Create an OAuth client in the IAM domain. Grant_Type = Client Credentials, confidential application, trusted, HCM Fusion scope… all the required setups.
- Create an HCM user account with the HCM username matching, exactly, the OAuth ClientID. Assign an HCM role, let's call it "oAuth Role", to the HCM user to authorize an HCM REST API. This is the shadow user account, which has a local HCM password.