Welcome to the Oracle Fusion Connector setup guide. This document provides a comprehensive overview for establishing a secure and efficient connection with Oracle Fusion Cloud Finance Applications, leveraging best practices inspired by Savant's connection process.
Features
Read data from Oracle Fusion Cloud Finance Applications
Writing analysis outcome to Oracle Fusion Cloud Finance Applications
Requirements
Before establishing a connection with Oracle Fusion, ensure the following requirements are met:
Valid Oracle Fusion Cloud Applications instance with credentials.
Appropriate API access rights for Oracle Fusion,
Network access with whitelisted IPs for your destination system
Administrative permissions within Oracle Fusion for configuring extract jobs and managing custom objects, creating custom reports.
Familiarity with Oracle’s Business Intelligence Cloud Connector (BICC) process
The integration environment must support JDBC or REST-based connection methods as provided by Savant
IPs provided by Savant should be whitelisted
For SSO/SAML Authentication, access to your IDCS (or corporate SAML IdP) admin console
Connection Methods
Savant supports multiple connection methods including the below mentioned for secure access:
Username & Password Flow
OAuth 2.0 (For SSO)
For SSO or MFA enabled instances of Oracle Cloud, use the SSO (OAuth 2.0) or Secure Token Authentication method
Step-by-Step Connection Guide
This step-by-step guide ensures you can efficiently set up your environment for optimal data integration.
Setting up Username and Roles
Step 1: Find the Server URL
Log in to Oracle Cloud:Access your Oracle Cloud account and navigate to the Application Console.
Copy Your Oracle Fusion Instance:For the application instance, find the Service Environment URL (e.g.
https://myfin.fscm.us2.oraclecloud.com
).
Step 2: Create a User
Access the Security Console:Log in to the Oracle Fusion Cloud Application instance (you must have the Security Manager role).In the left-hand navigation pane, click Tools > Security Console.
Create a User Account:Go to the Users page and click Add User Account.Enter the user details (note down the User Name and Password).Click Save and Close.
Step 3: Create BICC and UCM Roles
Log in and Navigate to the Security Console:Ensure you have the Security Manager role. Go to Tools > Security Console, then select the Roles page and click Create Role.
Configure the Role:
Basic Information:
Role Name: e.g.,
BICC_SAVANT_ROLE
orUCM_SAVANT_ROLE
Role Code: e.g.,
BICC_ADMIN_SAVANT
orUCM_ADMIN_SAVANT
Role Category: BI - Abstract Role
Uncheck Predefined Role.
Click Next through the Function and Data Security Policies pages.
Role Hierarchy:
Click Add Role and search for these roles:
ESS Administrator Role: To manage global data extract jobs.
BIA_ADMINISTRATOR_DUTY: To get job information and describe datastores.
OBIA_EXTRACTTRANSFORMLOAD_RWD: To view/download extracted files from UCM.
Click Add Role Membership.
BI & Analytics Roles for Custom Report:
To allow Savant to fetch and execute custom OTBI/BI analyses
BI Consumer/Author Roles (
BI_CONSUMER_ROLE
and/orBI_AUTHOR
)Assignment:Security Console -> Users ->Edit connector user -> Roles tab -> add above roles -> Save
Step 4: Assign the Role to the Created User:
On the Users page within the role configuration, click Add User and enter the user created earlier.
Review the summary and click Save and Close.
Step 5: Configure UCM Storage for BICC
Access the BI Applications Configuration Manager: Use the Server URL found in Step For example, if your URL is
https://my-oracle-fusion-cloud.oraclecloud.com
, then navigate to:
arduinoCopyhttps://my-oracle-fusion-cloud.oraclecloud.com/biacm
Log In Using the Credentials:Use the User Name and Password created in Step Test UCM Connection:
Click Configure External Storage.In the UCM Connection tab, click Test UCM Connection.Ensure you receive an "External Storage Connection Succeeded" message. Click OK.
Step 6: Add Custom Objects to an Offering
Custom Datastores:
Follow Oracle documentation to add your custom object (datastore) to an offering.
Ensure the object is part of the offering; otherwise, it may be excluded from the sync.
Step 7: Select Primary Keys for Custom Objects
Primary Key Configuration:
Log in to the BI Applications Configuration Manager.
Click Manage Offerings and Data Stores.
Choose the offering associated with your custom objects.
Select the datastore and navigate to the Edit Columns tab.
Mark the primary key columns and click Save.
Username and Password Flow
Step 1: Access the My Services Dashboard:
Sign in to the My Services dashboard for your Oracle Identity Cloud Service tenant.
Find the Oracle Identity Cloud Service entry and click Identity Cloud.
Step 2: Copy the Service Instance URL:
On the Overview tab, under Service Instances, copy the Service Instance URL.
Extract the REST server portion (e.g.,
idcs-9a888b7e6ebb44b4b65.identity.oraclecloud.com
).
Step 3: Connect Savant to Oracle Fusion using following details
username: The Oracle Cloud Platform Service user name with administrator privileges.
password: The password for that user.
identity-cloud-service-instance-url: The REST server portion of your Identity Cloud Service URL (e.g.,
idcs-9a888b7e6ebb44b4b65.identity.oraclecloud.com
)
OAuth 2.0 Authentication
Step 1: Create an OAuth Application in Oracle Cloud Console
Log in to your Oracle Cloud Console with an administrative account
Navigate to Identity and Security → Domains → Integrated Applications→ Add Application→ Confidential Application
Enter App name:
OracleFusionConnector
Click Create (or Save) to provision the application.
Within the app go to OAuth configuration
Under General Information copy the Client ID and Client Secret
Step 2: Configure Resource server, Client settings, Scopes & Redirect URLs
Resource server settings :
Configure this application as a resource server now — selected.
Access token expiration (seconds):
3600
Allow token refresh: enabled (toggle ON).
Refresh token expiration (seconds):
604800
Primary audience:
savant-audience
Add secondary audience: leave OFF unless required.
Save the Resource server configuration.
Client settings (exact guidance):
Configure this application as a client now — selected.
Allowed grant types:
Authorization code and Refresh token: Enable for interactive SSO (user sign-in via browser).
Allow non-HTTPS URLs: enable only for local development/testing. Do not enable in production.
Save client settings and copy the Client ID and Client Secret.
Scopes & Redirect URLs:
Add the exact API scopes required by Oracle Fusion and any custom scopes your API expects.
Redirect URLs (Authorization Code flow only): add Savant callback URIs exactly (scheme, host, port, path)
https://localhost:8443/api/callback
https://app.savantlabs.io/api/callback
Ensure the redirect URI you configure in Savant matches one of these entries exactly.
Retrieve Tenant ID & Issuer URL:
Tenant ID (Tenancy OCID): go to Domains → Details in OCI Console and copy the Domain URL - Alpha numeric code in the domain URL is the Tenant ID (idcs-88.....)
Authorization Server / Issuer URL:
Step 3: Configure in Savant
Navigate to Connectors → Oracle Fusion Cloud Financials
Under Authentication Type, select OAuth 2.0
Then provide:
Client ID:
Client Secret:
Tenant ID:
Server URL
Troubleshooting
Verify that the server URL, user credentials, and authentication method are entered correctly.
Ensure the appropriate IP addresses are whitelisted and that network settings allow communication with Oracle Fusion.
Confirm that the user has been assigned the correct roles and permissions in the Security Console.
Re-check the BI Applications Configuration Manager to ensure UCM is correctly configured and accessible.
By following these steps, you will establish a robust connection with Oracle Fusion Cloud Applications, enabling seamless data extraction and synchronization using Savant.
If you encounter any issues or need further assistance, please consult Oracle’s documentation or reach out to Savant support team.