X

Best Practices from Oracle Development's A‑Team

Extend HCM Cloud with workflow process in Oracle Integration Cloud

Introduction

Oracle Integration Cloud provides rich work flow capabilities that can be integrated with Oracle SaaS applications. Oracle HCM cloud provides approval and work list capabilities for most needs. However, there are use cases where a complex workflow with multiple approvals and ability to enrich approval data from  multiple applications will be necessary. In this post, let's look at seamlessly integrating integration cloud process user interfaces with HCM cloud. 

Overview

Instructions in this post are applicable to Oracle Integration cloud on Oracle Cloud Infrastructure (OCI). Each OCI tenancy is associated with an IDCS instance, which supports identity federation with Oracle SaaS applications. Enabling identity federation with IDCS also allows seamless integration with many other Oracle PaaS products. The high-level steps are:

Here is a depiction of the SAML federation solution:

User logs into HCM Cloud and opens a page with an embedded OIC process page. The OIC  process page should display content specific to the currently signed-in user without requiring user to log into IDCS or HCM Cloud. Steps 3,4 and 5 are transparent to the end user. 

Enable identity federation between IDCS and HCM Cloud

Before identity federation can be validated, users and role assignments also must be synchronized between HCM Cloud and IDCS. There are several ways to achieve it. Follow instructions at this link to use the ESS Job in SaaS to synchronize users and role assignments. This task can be entirely performed by customers as self service.

Identity federation allows SaaS and OIC authenticate and authorize the same user.  Integration Cloud authenticates and authorizes users through IDCS. By enabling federation, users can log into HCM Cloud and be automatically recognized and authorized by integration cloud. 

Let's look at the most common federation scenario where IDCS is a service provider (SP) to HCM Cloud as the identity provider (IDP). This means users originate in HCM cloud and HCM login will be the primary login for Integration cloud.

There are other possibilities to federate-IDCS as IDP and HCM Cloud as SP or use a 3rd party provider such as Activity Directory as IDP for both OCI and HCM Cloud as service providers. 

Follow the instructions at this link to enable federation. These steps will require Oracle support's intervention, so allow about a week for all of the tasks to be completed and federation verified. At  a high level,Customer completes initial steps and opens a SR to Oracle support. Upon completion by Oracle support, customer completes the remaining steps and validates federation.  Note that oAuth trust is not a must for UI  integration to work, but its suitable for integrating with fusion API. 

Add Oracle Integration Cloud (OIC) to an Identity provider policy

This task must be performed once identity federation s validated.  Navigate to IDCS console, to "Security" and then to "IDP Policies".

Add a new IDP policy.  For "Identity Providers", select the IDP in IDCS that represents HCM Cloud. Under "Apps" select the IDCS application that's created for the Integration Cloud instance where workflows will be deployed. 

Save the IDP policy.  At this time, when a Integration Cloud UI link is opened, login page from HCM Cloud is displayed, if there is no active HCM cloud login. Otherwise, Integration cloud will automatically login and  display features accessible to the currently logged-in HCM user. 

Figure: IDP policy for Integration Cloud application

Embed process UI in HCM cloud

With the previous tasks completed and verified, we're ready to embed Integration cloud process pages in HCM Cloud.  Refer to this blog  that focuses on embedding process UI components in other applications. For this blog, let's take the straight forward approach is to embed these pages into HCM Cloud using Page Integrator tool. 

  • List of tasks assigned to the currently logged-in user at https://<OIC host name>/ic/process/workspace/pages/tasklist.html

  • Launch a new process instance using start form page at https://<OIC host name>/ic/pub/components/pages/startform.html?&startformData={"processDefId":"oracleinternalpcs~FormApproval02!1~ApprovalProcess", "serviceName":"ApprovalProcess.service","operation":"start","startType":"START_PCS_FORM"}

Here are the overall steps to embed the URLs:

  • Create a new page in "Page Integration" and place it under appropriate navigation menu.

  • Create a new tab under the new page. 

  • Edit the page to add "Web page" control on each tab.

  • Set the "Web page" controls to the Integration Cloud process URLs listed previously.

  • Save the page and test.

Page integrator tool allows creating new pages to HCM Cloud. Navigate to "Page Integration" under "Configuration" section of the navigation menu in HCM cloud.  Click "New Page" 

Set the values in "New page" dialog and save the page. The main page will display the process worklist from integration cloud.

Edit the new page in "Page Integration" and add a new tab named "New Approval". This tab will display a start form to launch a new approval process in Integration Cloud. 

Now that the page with an additional tab is added, next step is to edit the page to add  place holders for  the Integration Cloud links. This is achieved by adding a "Web page" component to the main page and another to the tab. After adding the Web page component, edit the component to set the Integration cloud link.  

That's all. As soon as the "Web page" URL is set, you;ll see the page loading into the component. Given that the currently logged-in HCM user has access to Integration Cloud (via permissions granted in IDCS) and has some tasks, the task list should be populated with pending tasks for the user.   The New approval tab shows a start form. If the form is submitted, a new approval flow is started by the current HCM user.

Here is the process worklist embedded in HCM page:

And this is the new approval tab:

References:

Enable identity federation with  Oracle Fusion SaaS as IDP.

Enable user and role assignment synchronization between SaaS and IDCS.

Embedding process UI components in other applications

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha