OIC - OIC Integration for User and Role Synchronization Between CORS and Workforce System (WFS)

Managing user access across systems is a common enterprise requirement. In this implementation, Oracle Integration Cloud (OIC) acts as the middleware between CORS and the Workforce System (WFS) to synchronize users and their roles.

Flow 1: WFS to CORS – User and Role Export

This scheduled OIC integration runs periodically to extract user information from WFS.

Process

1. OIC Scheduler triggers the integration.
2. Lists all available files from the WFS SFTP location.
3. For each file, downloads the content.
4. Writes the files to the OIC Embedded SFTP server.
5. Delete file from WFS SFTP.
6. CORS picks up the files using a service account.

Files Transferred:

• List of Users
• User with Roles

This flow ensures CORS always has the latest user and role information from WFS.

Flow 2: CORS to WFS – User Provisioning and Role Management

This integration exposes a REST API that allows CORS to request user provisioning or role assignment/removal in WFS.

Process

1. CORS sends user details and roles through a REST request.
2. OIC validates and transforms the data into the format required by WFS.
3. Creates the appropriate provisioning file.
4. Places the file in the WFS SFTP location for processing.

Supported Actions

• Create User
• Assign Role
• Remove Role

This approach provides a simple file-based integration mechanism while maintaining system decoupling.

Request feed:

{

  "users": {

    "ReqNo": "123123",

    "loginID": "user010",

    "UserEmail": "sendmail-test-discard@oracle.com",

    "Roles": [

      {

        "Action": "ADD",

        "RoleName": "Company General User"

      },

      {

        "Action": "REMOVE",

        "RoleName": "Company Roster Creator"

      }

    ]

  }

}

Response:

{

  "Status": "RECEIVED/ERROR",

  "Message": "",

  "users": {

    "ReqNo": "123123",

    "loginID": "user010",

    "UserEmail": "user010@oracle.com",

    "Roles": [

      {

        "Action": "ADD",

        "RoleName": "Project Administrator"

      },

      {

        "Action": "REMOVE",

        "RoleName": "Project Administrator"

      }

    ]

  }

}

File fileds required by wfs: <InterfaceNumber>_USER_ROLES_<datetime>

Flow 3: CORS to WFS – Provisioning Status Validation

After provisioning requests are submitted, CORS can verify the processing status through another REST service exposed by OIC.

Process

1. CORS sends the User ID and Role information.
2. OIC obtains an authentication token from WFS.
3. Calls WFS APIs to retrieve current users and assigned roles.
4. Compares the requested data with the actual data in WFS.

Response Logic

• Success – User exists and all requested roles are assigned.
• Pending – User exists but roles are not yet assigned.
• Error – User does not exist in WFS.

This validation mechanism provides real-time visibility into provisioning status and helps CORS track completion of access requests.

Request : same as previous flow 

Response:

{

  "users": [

    {

      "Status": "SUCCESS/ERROR/PENDING",

      "Message": "",

      "ReqNo": "123123",

      "loginID": "user010"

    }

  ]

}

Get Token:

Request payload: {"grant_type":""}

Response payload: {"access_token":""}

Mapping: map "client_credentials" to grant_type.

Get User Logs:

Sample response:

{

  "updateSequence": [

    {

      "recordId": "...",

      "dataChange": "MERGE",

      "userId": "...",

      "externalId": "21144",

      "generalRoles": [

        "TA-AS_EMPLOYEE",

        "TA-CHANGE_OWN_PASSWORD",

        "TA-DESKTOP_EMPLOYEE_TIME_OFF_REQUESTS",

        "TA-MOBILE_CLOCK_USER",

        "TA-MOBILE_USER"

      ],

      "groupRights": [

        {

          "id": "TA-2146425995",

          "roleId": "TA-DELEGATOR_GROUP",

          "type": "EMPLOYEE_GROUP"

        }

      ],

      "errors": [

        "You would have been more ..."

      ],

      "nextCursor": "..."

    }

  ]

}

Mapping:

1. Authorization : Bearer <token>

2. Count : 5000 (this limit is on the number of records to retrieve.)

Code logic for response:

Benefits

• Automated user and role synchronization.
• Secure file transfer through SFTP.
• REST-based provisioning interface.
• Real-time status validation.
• Reduced manual user administration effort.
• Reliable integration between CORS and WFS using Oracle Integration Cloud.

This blog provides an end-to-end overview of the user provisioning and role synchronization framework implemented using OIC between CORS and Workforce System (WFS).

OIC - Retry Mechanism in Oracle Integration Cloud (OIC)

In Oracle Integration Cloud (OIC), retry handling plays an important role in improving integration reliability when temporary failures occur during invoke calls. Oracle currently documents two different retry approaches that developers should understand while designing integrations.

1. Project-Level Retry Logic

Oracle Integration provides a configurable retry mechanism for invoke connections within Projects. This retry functionality is not automatically enabled for every integration by default. Once configured, developers can customize:

Number of retry attempts

Delay interval between retries

Default Configuration

By default, OIC provides:

3 retry attempts

5-second retry interval

This retry mechanism applies broadly to invoke connection faults, including:

Business faults

Runtime faults

This helps integrations recover automatically from temporary endpoint failures without immediately moving to faulted state.

Use Case

Suppose an external REST/SOAP endpoint becomes temporarily unavailable or experiences network instability. Instead of failing immediately, OIC retries the invoke operation automatically based on configured retry settings.

Oracle Documentation

https://docs.oracle.com/en/cloud/paas/application-integration/integrations-user/retry-invoke-connections-project.html?utm_source=chatgpt.com

2. REST Adapter Built-In Retry Handling

Apart from project-level retry logic, the REST Adapter itself contains built-in retry handling for specific error scenarios. This behavior is adapter-specific and implemented internally by Oracle.

The REST Adapter automatically retries for:

HTTP 504 errors

HTTP 502 errors (GET operations only)

HTTP 401 errors

SSL-related retryable exceptions

Adapter-classified retryable exceptions

For these scenarios, the REST Adapter performs up to 3 retry attempts automatically.

Important Note

This retry behavior is currently documented specifically for the REST Adapter. Oracle documentation does not confirm the same built-in retry implementation across all adapters.

Best Practice

Oracle recommends enabling instance retries when invoking REST endpoints that may encounter:

401 errors

429 throttling errors

50x server errors

This improves resiliency when working with unstable or rate-limited external services.

Oracle Documentation

https://docs.oracle.com/en/cloud/paas/application-integration/rest-adapter/troubleshoot-rest-adapter.html?utm_source=chatgpt.com

https://docs.oracle.com/en/cloud/paas/application-integration/rest-adapter/best-practices-invoking-rest-endpoints.html?utm_source=chatgpt.com

Conclusion

OIC provides retry handling at multiple levels:

Project-Level configurable retry mechanism

REST Adapter built-in automatic retries

Understanding both mechanisms helps developers design more resilient integrations and reduce failures caused by temporary network or endpoint issues.

When designing enterprise integrations, retry configuration should always be planned carefully to balance:

Reliability

Performance

Duplicate transaction prevention

External API limitations

Proper retry handling can significantly improve integration stability in real-world production environments.

OPC vs Unifier – Simple Understanding

OPC vs Unifier – Simple Understanding

Oracle Primavera Cloud (OPC) is mainly used for project execution and scheduling. It helps organizations manage project timelines, activities, milestones, resources, and overall project progress.

For example, 

project managers use OPC to track delayed activities, monitor schedules, and manage resource planning.

On the other hand, Oracle Primavera Unifier is used for business processes and workflow management. It handles approvals, budget management, invoices, contracts, change requests, and document workflows.

For example, 

finance or PMO teams use Unifier for contractor approvals, budget approvals, and project-related business processes.

In simple terms:

OPC focuses on project scheduling and execution

Unifier focuses on business workflows and approvals

Both applications are often integrated using Oracle Integration Cloud to synchronize project and business data across systems.

OIC - User Access Provisioning & Revocation Between CORS and OPC

Introduction

In enterprise environments, user access management between external systems and Oracle platforms is a common integration requirement. In this use case, we implemented an automated solution using Oracle Integration Cloud to provision and revoke user access between CORS and OPC.

The integration supports two major flows:

OPC to CORS Sync Flow

Scheduled integration

Extracts users, departments, and groups from OPC

Generates files and sends them to SFTP for CORS pickup

CORS to OPC Access Management Flow

REST-based integration

Receives user/group/department details from CORS

Creates users and assigns access in OPC

Returns failed group assignment responses

This architecture helped automate access governance, reduce manual intervention, and improve synchronization accuracy across systems.

Flow 1 – OPC to CORS Synchronization

Requirement

CORS requires periodic synchronization data from OPC containing:

User details

Department mappings

Department-group mappings

Department-group-user mappings

The files need to be generated automatically and placed in an SFTP location for CORS consumption.

Solution Design

We implemented a Scheduled Integration in Oracle Integration Cloud.

High-Level Steps

1. Scheduler triggers the integration periodically
2. OIC calls OPC APIs and retrieves authentication token
3. Fetches: 
• Departments 
• Department and group mappings Department-group-user mappings
4. Generates 3 outbound files
5. Uploads files to OIC SFTP location
6. CORS picks up the files from SFTP

Integration Flow

Step 1 – Scheduler Trigger

<InterfaceNumber>_OPC_CORS_RolesWithUser_extract_Sch

<InterfaceNumber>_OPC_CORS_RolesWithUser_extract

A scheduled orchestration integration was configured to run at defined intervals.

Example:

Every 1 hour

Daily batch sync

Based on business requirement

Step 2 – OPC Authentication

The integration first invokes OPC authentication APIs to retrieve access tokens.

This token is then used for all subsequent OPC REST API calls.

Step 3 – Fetch Department and Group Details

Multiple REST calls were made to OPC APIs:

APIs Used

Get Departments

Get Groups by Department

Get Users by Group and Department

The data was staged and transformed inside OIC.

Fetch dept/ workspace:

Fetch usergroups:

Step 4 – Generate Output Files

Three files were generated:

File

Description

Department File

Contains department details

Department-Group File

Contains group mapping information

Department-Group-User File

Contains user assignment details

Files were generated in CSV format.

Step 5 – Upload Files to SFTP

Using OIC FTP/SFTP Adapter, the files were uploaded to the designated SFTP location.

CORS system then picked up the files for downstream processing.

Benefits of Flow 1

Fully automated synchronization

No manual file preparation

Centralized access data management

Reduced synchronization errors

Easy scalability for future enhancements

Flow 2 – CORS to OPC User Provisioning

Requirement

CORS sends user access requests to OIC.

The integration must:

1. Create users in OPC
2. Assign department access
3. Add users to groups
4. Return failure responses for unsuccessful group assignments

Solution Design

We exposed a REST API from Oracle Integration Cloud for CORS consumption.

The design was modularized using:

One Main Integration

Multiple Child Integrations

This improved reusability and maintainability.

Architecture Overview

Main Integration

The main orchestration integration performs:

Receives REST payload from CORS

Validates incoming request

Calls child integrations

Consolidates responses

Sends failure details back to CORS

<InterfaceNumber>_CORS_OPC_UserRoleProvision_Main

Child Integration 1 – User Creation

This integration handles:

User creation in OPC

User validation

Existing user checks

Error handling

Key Features

Reusable integration

Can be invoked independently

Centralized user onboarding logic

<InterfaceNumber>_CORS_OPC_UserCreation

Integration Flow:

Get the user, workspace and group details grom main > Get Unifer Token > check if user exists using login id  > if user does not exists, create the user > get job status > get opc token > get all opc users > chekc if user exists > if user does not exists , create the user > send the status and message back to Main.

Get feed from main:

Get Unifier Token:

Check if user exists:

Create user in unifier if user does not exist.

Get job status:

Get OPC token:

Get all OPC user:

Check if user exists

Create uset to opc

Child Integration 2 – Group and Department Assignment

This integration performs:

Group assignment

Department mapping

Role association

If any group assignment fails, the integration captures the failure details.

 <InterfaceNumber>_CORS_OPC_AddOrRemoveWorkdpaceAccess

Integration flow:

Receive feed from main > Get OPC token > for each user group - add or remove workspace group access > send status back to main

Feed from main:

For each user group

Add user group

Remove user from group

Failure Handling Mechanism

One important business requirement was to return failed group assignments back to CORS.

Example Failure Scenarios

Group does not exist

Invalid department

User already assigned

OPC API failure

The integration collected all failed records and prepared a consolidated response.

Sample Response Structure

JSON

{

  "status": "PARTIAL_SUCCESS",

  "failedGroups": [

    {

      "user": "ABC123",

      "group": "Finance_Admin",

      "reason": "Group not found"

    }

  ]

}

Key Advantages of the Solution

• Modular Design
• Using child integrations improved:
• Reusability
• Maintainability
• Independent testing
• Better Error Tracking
• Detailed failure responses helped CORS quickly identify provisioning issues.
• Scalable Architecture
• The solution can easily support:
• Additional departments
• More user attributes
• Future access models

Conclusion

This integration solution using Oracle Integration Cloud enabled seamless synchronization and automated user access management between CORS and OPC.

The implementation provided:

• Automated provisioning and revocation
• Secure file-based synchronization
• REST-based onboarding
• Modular child integration architecture
• Detailed failure reporting
• This approach significantly reduced manual effort while improving access governance and operational efficiency across systems.

Reference:

https://docs.oracle.com/en/industries/construction-engineering/primavera-cloud/opcap/op-workspace-removeusersfromgroup-post.html?utm_source=chatgpt.com