Warehouse management LDAP sync not provisioning new users with correct roles

We’re running Oracle Fusion Cloud SCM 24A with LDAP integration for user provisioning. The LDAP sync job completes successfully without errors, but new warehouse users aren’t getting the correct SCM roles assigned automatically.

The sync log shows:

LDAP Sync Status: Completed
Users Synchronized: 15
Groups Processed: 8
Errors: 0

However, when new warehouse staff members are added to our Active Directory groups (WH_OPERATORS, WH_SUPERVISORS), they appear in Fusion as users but without any warehouse management roles. We have to manually assign roles after each sync, which defeats the purpose of automated provisioning.

Our LDAP group-to-role mapping configuration looks correct in the LDAP Connector settings, and the provisioning profile is set to auto-assign roles based on group membership. Existing users who were manually provisioned before we enabled LDAP sync have the correct roles.

The warehouse SCM role assignment should happen automatically based on AD group membership, but something in the provisioning flow isn’t working. Has anyone experienced issues with LDAP group-to-role mapping in warehouse management? Are there specific provisioning profile settings we might be missing?

I’ve seen this behavior when the role mapping is configured but the provisioning policy isn’t set correctly. Go to Identity Cloud Service > Settings > Default Settings and check the ‘Auto-Assign Roles’ option. Also verify that your LDAP groups are mapped to the correct Fusion roles in the Groups section of IDCS. The mapping needs to be bidirectional - LDAP group to IDCS group, then IDCS group to Fusion role. We had a similar issue where the second mapping was missing, so users got created but roles weren’t assigned.

The zero errors in the sync log are actually misleading - LDAP sync can complete successfully even if role assignment fails. Check the detailed sync logs in IDCS (not just the summary). Look for warnings about role assignment failures or missing mappings. Also verify that the LDAP attribute you’re using for group membership (usually ‘memberOf’) is being read correctly. Run a test sync with debug logging enabled to see exactly what’s happening during the role assignment phase.
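The two-step mapping chain from the first reply and the memberOf check from the second, as an added example that is not part of the thread or of Oracle's tooling: a Python script that traces each user's exported memberOf values through both mappings and reports where the chain breaks. The user names, DNs, IDCS group names and the role name are constructed placeholders, and the script calls no Oracle API; it assumes you have exported the three data sets yourself.

```python
import re

def cn_of(dn):
    """Return the upper-cased CN of a group DN from memberOf, or None."""
    m = re.match(r"\s*CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return m.group(1).strip().upper() if m else None

def audit(users, watched, ldap_to_idcs, idcs_to_role):
    """Trace watched AD groups through LDAP->IDCS and IDCS->role mappings.

    Returns {user: {"roles": set, "gaps": [reason, ...]}}.
    Groups outside `watched` are ignored so unrelated AD groups add no noise.
    """
    watched = {g.upper() for g in watched}
    l2i = {k.upper(): v for k, v in ldap_to_idcs.items()}
    report = {}
    for user, member_of in users.items():
        roles, gaps = set(), []
        cns = {cn_of(dn) for dn in member_of} & watched
        if not cns:
            # Either the attribute was not read or the user is not in the group.
            gaps.append("no watched group in memberOf")
        for cn in sorted(cns):
            idcs_group = l2i.get(cn)
            if idcs_group is None:
                gaps.append(f"{cn}: no LDAP group -> IDCS group mapping")
            elif not idcs_to_role.get(idcs_group):
                gaps.append(f"{cn} -> {idcs_group}: no IDCS group -> Fusion role mapping")
            else:
                roles.update(idcs_to_role[idcs_group])
        report[user] = {"roles": roles, "gaps": gaps}
    return report

# Constructed sample data (not taken from a real tenant).
WATCHED = ["WH_OPERATORS", "WH_SUPERVISORS"]
USERS = {
    "asmith": ["CN=WH_OPERATORS,OU=Groups,DC=example,DC=com"],
    "bjones": ["cn=wh_supervisors,OU=Groups,DC=example,DC=com"],
    "cwu": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
}
LDAP_TO_IDCS = {"WH_OPERATORS": "IDCS_WH_OPERATORS",
                "WH_SUPERVISORS": "IDCS_WH_SUPERVISORS"}
# Second-stage mapping for supervisors is deliberately missing.
IDCS_TO_ROLE = {"IDCS_WH_OPERATORS": ["PLACEHOLDER_WAREHOUSE_OPERATOR_ROLE"]}

if __name__ == "__main__":
    for user, r in audit(USERS, WATCHED, LDAP_TO_IDCS, IDCS_TO_ROLE).items():
        print(user, sorted(r["roles"]) or "NO ROLES", r["gaps"])
```

A user who is synchronized without error but lands in the "NO ROLES" output here matches the symptom in the original post, and the gap text says which of the two mappings to inspect.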

Warehouse management roles in Fusion have specific data security requirements that might not be provisioned through standard LDAP sync. Even if the role is assigned, users might not have access to warehouse locations or inventory organizations. Check if your provisioning profile includes data security policy assignments. We had to create custom provisioning rules that assigned both the functional role and the corresponding data access policies for warehouse operations.