Oracle HCM Cloud Common Release 12 New Feature Summary December 2016

1

TABLE OF CONTENTS REVISION HISTORY ............................................................................................................................................. 3 OVERVIEW ......................................................................................................................................................... 4 HCM COMMON FEATURES ................................................................................................................................. 5 APPLICATIONS SECURITY .....................................................................................................................................................5 User Account Management ............................................................................................................................................... 6 Securing Oracle HCM Cloud Administrator Password Management ................................................................................. 6 User Password Management (Self-Service) ....................................................................................................................... 6 User Account Locking ......................................................................................................................................................... 7 Enhanced Role Visualization .............................................................................................................................................. 7 Tabular Role Hierarchy View .............................................................................................................................................. 7 Search in Role Hierarchy Visualization ............................................................................................................................... 7 User Name Generation Rules ............................................................................................................................................. 7 Password Policies ............................................................................................................................................................... 7 Notification Templates....................................................................................................................................................... 7 Upgrade-Safe Management of Factory Shipped Roles ...................................................................................................... 8 Bridge for Microsoft Active Directory ................................................................................................................................ 8 User Password Changes Audit Report................................................................................................................................ 8 Integrate Custom Identity Management Solution ............................................................................................................. 8 Password Reset .................................................................................................................................................................. 8 Security Console................................................................................................................................................................. 8 HCM SECURITY ....................................................................................................................................................................9 Person Security Profiles Support Areas of Responsibility .................................................................................................. 9 HCM Data Roles Support Areas of Responsibility .............................................................................................................. 9 Role Provisioning Supports Areas of Responsibility ........................................................................................................... 9 Access to Future-Dated Person Records ............................................................................................................................ 9 Include Related Contacts Option No Longer on Person Security Profiles .......................................................................... 9 New Location for Roles Information in New-Hire Task Flows .......................................................................................... 10 Provision Roles Automatically to Oracle Service Cloud External Contacts....................................................................... 10 Reduced Frequency for the Retrieve Latest LDAP Changes Process ................................................................................ 10 Redundant Privileges Removed from Predefined Job and Abstract Roles ....................................................................... 10 User and Role Provisioning Options Moved to the Security Console............................................................................... 10 Default User Notification Preferences Managed on the Security Console ...................................................................... 10 Reset Password Link Replaces Generated Temporary Passwords ................................................................................... 10 Changed Behavior of the Credentials Sent Indicator ....................................................................................................... 11 User Accounts No Longer Created Automatically for Users Loaded in Bulk .................................................................... 11 Alternate Contact E-Mail Address No Longer on the User Interface ............................................................................... 11 HCM DATA LOADER ...........................................................................................................................................................12 Estimated Time to Complete Load ................................................................................................................................... 12 Spreadsheet Data Loading ............................................................................................................................................... 12 HCM COMMON TRANSACTIONAL BUSINESS INTELLIGENCE ...............................................................................................13 OBIEE Answers Enhancement: Subject Area Search ........................................................................................................ 13 OBIEE Answers Enhancement: Save a Column ................................................................................................................ 13

2

REVISION HISTORY This document will continue to evolve as existing sections change and new information is added. All updates are logged below, with the most recent updates at the top. Date 05 DEC 2016

What’s Changed

Notes Initial Document Creation

3

OVERVIEW Oracle HCM Cloud release documents are delivered in five functional groupings: Suggested Reading for all HCM Products: •

HCM Cloud Common Features (This document pertains to all HCM applications. It is the base human resource information for all products and HCM Tools.)

•

Global Human Resources Cloud (Global Human Resources contains the base application in which other application use for common data such as workforce structures and person information. Regardless of what products you have implemented you may want to see the new features for Global Human Resources that could impact your products.)

NOTE: Not all Global Human Resource features are available for the base Talent and Compensation stand alone applications. Optional Reading for HCM Products (Depending on what products are in your cloud service): •

Talent Management Cloud (All Talent applications)

•

Workforce Rewards Cloud (Compensation, Benefits, Payroll and Global Payroll Interface)

•

Workforce Management Cloud (Absence Management and Time and Labor)

Additional Optional Reading: •

Common Technologies and User Experience (This documents the common features across all Cloud applications and is not specific to HCM)

NOTE: All of these documents can be found on the Oracle Help Center at: https://cloud.oracle.com/saasreadiness/hcm under Human Capital Management Release Readiness.

4

HCM COMMON FEATURES APPLICATIONS SECURITY Oracle Fusion Applications Security provides a single console where IT Security Managers and Administrators can perform various functions including user lifecycle management, role definition, security policy management(both functional and data), role hierarchy maintenance, username and password policy administration, and certificate management. The console also enables users to simulate the effect of security changes, to run security reports, and download a connector for integration with Microsoft Active Directory. In Release 12, Oracle Fusion Applications Security offers several new capabilities that offer customers the following benefits: •

A Simplified User Experience for the IT Security Manager - Prior to Release 12, security administration functions were distributed across Oracle Identity Management (OIM) and Authorization Policy Manager (APM). In Release 12, these functions are delivered through a single interface – the Security Console. OIM and APM are no longer available in R12.

•

Easy Integration with Identity and Access Management (IDM/IAM) Systems - New capabilities to synchronize user account information with Identity and Access Management (IDM/IAM) systems. This synchronization enables the delivery of a Single Sign-On experience through these systems. For Microsoft Active Directory (AD) and Oracle Identity Management (OIM), customers can download and install connectors that will automatically synchronize user account information between Oracle Fusion Applications and these IDM systems. As in Release 11, customers must continue to log a Service Request (SR) to set up federated Single Sign-On 5

(SSO) between these systems. Once federation is enabled, the connectors will synchronize the information. Release 12 also delivers a REST API based on the SCIM (System for Cross-Domain Identity Management) standard. Customers can use this API to create user accounts, modify user attributes (e.g. email), enable/disable users, and fetch user account and role information. •

An Upgrade-Safe Reference Role Model - Starting in Release 12, pre-defined roles that are shipped with Oracle Applications Security will be locked down. Customers will not be able to modify the functional and data security policies that are associated with these roles. They can, however, add new data security policies to these pre-defined roles. In addition, privileges and resources are protected. Users cannot create or modify these artifacts Locking down these security artifacts enables safe upgrades to pre-defined roles, since the possibility of conflict with customer introduced changes to these roles is now eliminated. This, in turn enables customers to safely adopt new enhancements that may be delivered with pre-defined roles in future releases. As in Release 11, customers can make copies of pre-defined roles and freely customize these copies.

•

Enhanced Set of Self-Service Capabilities - Administrators are able to manage the entire user lifecycle. They can customize how notifications are generated and sent for various user lifecycle events including user account creation, and password management. Administrators can also tailor username and password generation by choosing from a list of shipped policies.

USER ACCOUNT MANAGEMENT Create, manage, and assign user accounts using the Security Console. You can also search, retrieve, and manage user accounts automatically created for employees, contingent workers, supplier contacts, or partner contacts. SECURING ORACLE HCM CLOUD ADMINISTRATOR PASSWORD MANAGEMENT Manage passwords of other user accounts as an administrator. You can auto-generate or manually enter a password for a user account. You can also define password lifecycle and complexity policies. Passwords will be automatically validated against these policies. USER PASSWORD MANAGEMENT (SELF-SERVICE) Manage your own user account password. Your password will be automatically validated against the defined password lifecycle and complexity policies.

6

USER ACCOUNT LOCKING Lock user accounts as an administrator. If you lock a user account, you will be temporarily preventing the user from logging in with that user account. You can also unlock a locked user account. ENHANCED ROLE VISUALIZATION View only certain components of a role in the graphic visualizer. You can view only the privileges, aggregate privileges or roles assigned to a role. You can also view the graphic visualizer in full screen mode and pan over a specific region in the graph. For complex roles, these features enable you to reduce the amount of information visualized and to focus on the area within the role hierarchy that requires your attention. TABULAR ROLE HIERARCHY VIEW View role hierarchies in a tabular view. You can switch between the graphic visualizer view and the tabular view. You can also export the data you view in the tabular view. SEARCH IN ROLE HIERARCHY VISUALIZATION Search and quickly locate security artifacts (nodes) in the role hierarchy visualization. You can search for privileges, roles or users in the visualization. USER NAME GENERATION RULES Define user name generation rules that will be used to auto-generate the user name when a user is created. You can define user name generation rules to be based on the user’s first and last names, first initial plus last name, e-mail or person or party number. You can also choose to use a system generated user name if the rule fails to generate a user name. PASSWORD POLICIES Define policies for password management. These policies can define the duration for various password lifecycle events like password expiration and password warning generation. You can also set the complexity of generated passwords by choosing from a pre-defined list of rules. NOTIFICATION TEMPLATES Define custom notification templates for your user account life cycle events. You can also use predefined notification templates. These templates will be used to generate notifications for events like user account created, user password reset and user password expiry warning.

7

UPGRADE-SAFE MANAGEMENT OF FACTORY SHIPPED ROLES Identify a predefined (factory shipped) Oracle role when viewing the role. Predefined Oracle roles are locked and you cannot customize the Oracle delivered functional and data security policies associated with these roles. You can, however, add data security policies to these roles. BRIDGE FOR MICROSOFT ACTIVE DIRECTORY Simplify Single Sign-On with Microsoft Active Directory by downloading and installing the Active Directory Bridge from the Security Console. Automatically synchronize user account information between Oracle Fusion Applications Security and Microsoft Active Directory. USER PASSWORD CHANGES AUDIT REPORT Generate a report that lists password changes made by users. The report can be generated for changes made by specific users or for all changes made during a specific period. INTEGRATE CUSTOM IDENTITY MANAGEMENT SOLUTION Integrate optionally with your Identity Management solution for user and role management using industry standard System for Cross-domain Identity Management (SCIM) REST APIs and ATOM feeds. PASSWORD RESET Enhanced password reset flow. Now a notification email will be sent to the user who requests a password reset. The user will be required to click on this link within a specific period of time to change the password. This replaces the previous flow where users were required to answer a series of challenge questions to reset the password. SECURITY CONSOLE Streamline use of some of the functionality that you have used in the past with the Security Console. The Security Console now includes the following functionality: •

IT Security Managers manage all User Account information such as password, lock and unlock are managed in the security console.

•

IT Security Managers manage roles directly in the Security Console. They no longer use Oracle Identity Manager or Authorization Policy Manager.

• • •

Privileges are predefined by Oracle and are no longer created or managed by the user. You can now view, create or change roles without first selecting an application. Resources are now granted through privilege and are no longer granted directly to Roles.

8

HCM SECURITY HCM Security includes enhancements to person security profiles, new-person task flows, role mappings, the Retrieve Latest LDAP Changes process, predefined job and abstract roles, and security setup. PERSON SECURITY PROFILES SUPPORT AREAS OF RESPONSIBILITY Improve performance by securing person records in person security profiles based on areas of responsibility, without having to write custom SQL. The Person Security Profiles pages are redesigned to accommodate areas of responsibility, and a Description field is added. A new Preview page is provided where you can test the access provided by the security profile and review the SQL predicate generated by the selected security criteria. Related import and export services and audit of person security profiles support areas of responsibility. Existing person security profiles are unaffected by these enhancements. HCM DATA ROLES SUPPORT AREAS OF RESPONSIBILITY Secure access to person records based on areas of responsibility while creating HCM Data Roles. The new Area of Responsibility section appears on the Assign Security Profiles to Role: Person Security Profile page when you create or edit an HCM data role that accesses person records. ROLE PROVISIONING SUPPORTS AREAS OF RESPONSIBILITY Manage base autoprovisioning of roles on assigned areas of responsibility. Role mappings now include a Responsibility Type condition. The Autoprovision Roles for All Users process can now create requests to add and remove roles based on a user’s areas of responsibility. ACCESS TO FUTURE-DATED PERSON RECORDS Control user access to future-dated person records using the new Include Future People option in person security profiles, which is deselected by default. Select the option to enable user access to future-dated person records that satisfy all other criteria in the security profile. INCLUDE RELATED CONTACTS OPTION NO LONGER ON PERSON SECURITY PROFILES Improve performance of person security profiles by including access to related contacts on an exception basis. The Include Related Contacts option does not appear for new person security profiles. In existing person security profiles, it appears only if currently enabled. To enable access to a worker’s contacts, add the Manage Contact Person PII duty role to relevant job and abstract roles.

9

NEW LOCATION FOR ROLES INFORMATION IN NEW-HIRE TASK FLOWS Streamline new-person task flows with the removal of the Roles page. Information about roles for new hires now appears in the Roles section on the Compensation and Other Information page. PROVISION ROLES AUTOMATICALLY TO ORACLE SERVICE CLOUD EXTERNAL CONTACTS Automate provisioning of roles to Oracle Service Cloud external contacts with the addition of the Contact Role attribute to role mappings. This enhancement is specific to Oracle Sales Cloud customers. REDUCED FREQUENCY FOR THE RETRIEVE LATEST LDAP CHANGES PROCESS Run the Retrieve Latest LDAP Changes Process only to correct data integrity issues or synchronize data among security components. For example, you run the process if you perform an LDIF (LDAP Data Interchange Format) load for new users. You no longer need to schedule the process to run daily. REDUNDANT PRIVILEGES REMOVED FROM PREDEFINED JOB AND ABSTRACT ROLES Streamline security administration with the removal of the Copy Personal Data to LDAP and Send User Name Request to LDAP function security privileges from the Line Manager and Human Resource Specialist roles. Both roles continue to inherit these privileges from the Manage User Account and Link User Name to Person aggregate privileges. Therefore, their removal causes no loss of access. USER AND ROLE PROVISIONING OPTIONS MOVED TO THE SECURITY CONSOLE Control the default format of user names by setting User Preferences on the Security Console Administration tab. Specify whether users receive their sign-in details by setting Notification Preferences on the Security Console Administration tab. The enterprise-level options Default User Name Format and Send User Name and Password no longer appear on the Manage Enterprise HCM Information page. DEFAULT USER NOTIFICATION PREFERENCES MANAGED ON THE SECURITY CONSOLE Control the default behavior of User Notification Preferences on the Create User page from the Security Console. If notification preferences are enabled on the Security Console and an appropriate notification template exists, then the Send User Name and Password option on the Create User page can be selected. If notification preferences are not enabled on the Security Console, then the Send User Name and Password option on the Create User page is disabled and cannot be selected. RESET PASSWORD LINK REPLACES GENERATED TEMPORARY PASSWORDS Simplify user access to accounts by including a reset password link rather than a generated temporary password in user account notifications that require a password change. 10

CHANGED BEHAVIOR OF THE CREDENTIALS SENT INDICATOR Enforce accurate setting of the Credentials Sent indicator, which can be set once only for any user. The Credentials Sent indicator is now set whenever an attempt is made to send a user name and password to a user, regardless of whether the attempt succeeds. Ensure that all attempts succeed by confirming that notification preferences are enabled on the Security Console and that appropriate notification templates exist whenever user credentials are to be sent. USER ACCOUNTS NO LONGER CREATED AUTOMATICALLY FOR USERS LOADED IN BULK Control the automatic creation of user accounts and notification of user credentials for users loaded in bulk. From this release, the GeneratedUserAccountFlag and SendCredentialsEmailFlag attributes of the Worker object default to N (No). Set them to Y (Yes) for selected workers to create user accounts and send notifications. ALTERNATE CONTACT E-MAIL ADDRESS NO LONGER ON THE USER INTERFACE Specify an alternate contact e-mail address for users loaded in bulk by setting the CredentailsEmailAddress attribute of the Worker object. You can no longer specify an alternate contact e-mail address for the enterprise on the Manage Enterprise HCM Information page.

11

HCM DATA LOADER HCM Data Loader provides a flexible and efficient method of bulk loading business object data for datamigration and on-going incremental updates to Oracle Human Capital Management Cloud. ESTIMATED TIME TO COMPLETE LOAD Streamline the loading of large data volumes by monitoring the progress of the load and the estimated time for the load to complete. The Import and Load Data page includes a load progress icon for each business object. When you click the icon, a progress dialog box now opens. Here you can see the percentage of objects processed so far and, for in-progress loads, the estimated time to complete loading. This information is refreshed automatically every 15 seconds until load processing is complete. SPREADSHEET DATA LOADING Simplify bulk data loading using HCM Data Loader spreadsheets for all business objects that HCM Data Loader supports. Use the predelivered spreadsheet templates, copy and edit the templates, or create your own templates from scratch to include just the attributes needed for your use case. The spreadsheet templates are fully configurable. You can specify your own column order, column headings, help tips, attribute validation, and default values. You can enter your data in the spreadsheet generated from the template and upload it directly from there. Any errors are reported in the spreadsheet, where you can correct and reprocess failed records.

12

HCM COMMON TRANSACTIONAL BUSINESS INTELLIGENCE Oracle Fusion Transactional Business Intelligence is a real time, self-service reporting solution offered to all Oracle Fusion application users to create ad hoc reports and analyze them for daily decision-making. Oracle Fusion Transactional Business Intelligence provides human resources managers and specialists, business executives, and line managers the critical workforce information to analyze workforce costs, staffing, compensation, performance management, talent management, succession planning, and employee benefits. OBIEE ANSWERS ENHANCEMENT: SUBJECT AREA SEARCH Enhance your ability to search for columns within the subject areas with the new search option. With this enhancement you can enter a value with wildcards to search for columns that match with the entered value. OBIEE ANSWERS ENHANCEMENT: SAVE A COLUMN Enhance your reporting capabilities with create, save and re-use of the calculated metrics in Answers.

---

13

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

14