IAM with Identity Domains in OCI

May 29, 2024 | seedling, permanent

tags
IAM in OCI, Policies in OCI

Summary #

Identity and Access Management (IAM) uses identity domains to provide identity and access management features such as authentication, single sign-on (SSO), and identity lifecycle management for Oracle Cloud Infrastructure (OCI) as well as for Oracle and non-Oracle applications, whether SaaS, cloud hosted, or on premises. ref

Domain in OCI #

Hosted Sign In Page #

ref

A Hosted Sign In page allows you to customize the look and feel of the Identity Cloud Service sign-in experience by using style classes, custom HTML, and translation support.

You can customize the login experience using one or both of the following methods:

  • Add your own background image to the sign-in page.
  • Provide custom HTML and custom translations using Hosted Sign In.

Customize the Sign In Page #

ref

Language Translation #

Hosted Sign In lets you supply custom HTML and custom translations that override the current sign-in page definition. The customization applies to the main sign-in page only; other sign-in flows, such as password reset and MFA, are not affected.

  • The Hosted Sign In page:
    • Allows you to change current styles and to add new HTML elements.
    • Supports translations for existing elements as well as new elements.
      {
        "idcs-username-label": {
          "en": "Account ID",
          "es": "Cuenta de usuario o correo Electronico"
        },
        "idcs-username-placeholder": {
          "en": "Enter your Account ID",
          "es": "Introduzca su nombre de usuario o correo electronico"
        },
        "idcs-password-label": {
          "en": "Pass-word",
          "es": "Contra-sena"
        },
        "idcs-password-placeholder": {
          "en": "Enter your password",
          "es": "Introduzca su contrasena"
        },
        "welcometext": {
          "en": "Welcome to our Portal",
          "es": "Bienvenido"
        },
        "welcometext2": {
          "en": "This is great",
          "es": "Bienvenido"
        }
      }

Security #

Sign-on Policies #

  • Adding a new policy that enforces MFA requires users to complete two-factor authentication when signing in.

  • Which factors are allowed can be controlled per policy.

  • SMS can also be used as a factor, but charges apply.

OCR of Images #

2024-05-21_14-52-09_screenshot.png #

Screenshot of the Sign-on policies list, reached via Identity >> Domains > projectx domain > Security > Sign-on policies. The page shows the Security sub-menu (Terms of use, Administrators, Adaptive security, Identity providers, IdP policies, Sign-on policies, Network perimeters, App gateways, Account recovery, MFA, Two-factor authentication, OAuth) and an Oracle note that, to improve the security posture of the tenancy, MFA should be kept enabled for users with administrative privileges (see OCI Security recommendations). Three policies are listed, all Activated:

  • Default Sign-On Policy: Default Sign on Policy for Tenant
  • Extra Policy
  • Security Policy for OCI Console: The Security Defaults to secure OCI Console

2024-05-21_14-53-08_screenshot.png #

Screenshot of the Edit sign-on rule dialog for Extra Policy (domain > Security > Sign-on policies > Sign-on rules). A rule lets users that meet its conditions sign in to the identity domain, and offers these settings:

  • Prompt for reauthentication: require users to provide credentials the next time they sign in to this identity domain.
  • Prompt for an additional factor: require users to perform multifactor authentication, with either Any factor or Specified factors only (Mobile app passcode, Mobile app notification, Security questions, Text message (SMS), Email, Bypass code, Fast ID Online (FIDO) passkey authenticator).
  • Frequency: Once per session or trusted device, Every time, or Custom interval.
  • Enrollment: Required or Optional.
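An added example, not from the page or from Oracle: a small Python audit that models a sign-on rule with the settings shown in the Edit sign-on rule dialog and flags rules that do not enforce a strong second factor. The rule model, the strong/weak factor split and the sample policies are constructed assumptions for illustration, not the OCI API.

```python
"""Audit identity-domain sign-on rules for MFA coverage (constructed model)."""
from dataclasses import dataclass

# Factor names as they appear in the OCI "Edit sign-on rule" dialog.
# The strong/weak split is this example's assumption, not an Oracle rating.
STRONG_FACTORS = {"Mobile app passcode", "Mobile app notification",
                  "Fast ID Online (FIDO) passkey authenticator"}
WEAK_FACTORS = {"Text message (SMS)", "Email", "Security questions", "Bypass code"}
ALL_FACTORS = STRONG_FACTORS | WEAK_FACTORS


@dataclass
class SignOnRule:
    name: str
    prompt_additional_factor: bool          # "Prompt for an additional factor"
    factors: frozenset = frozenset()        # empty set means "Any factor"
    frequency: str = "Once per session or trusted device"
    enrollment: str = "Optional"            # "Required" or "Optional"
    applies_to_admins: bool = False         # hypothetical condition flag


def audit_rule(rule):
    """Return a list of findings for one rule; an empty list means no concern."""
    findings = []
    if not rule.prompt_additional_factor:
        findings.append("no additional factor prompted")
        return findings
    allowed = rule.factors or ALL_FACTORS
    if not allowed & STRONG_FACTORS:
        findings.append("only weak factors allowed: " + ", ".join(sorted(allowed)))
    if rule.enrollment != "Required":
        findings.append("MFA enrollment is optional, so users can skip it")
    if rule.applies_to_admins and rule.frequency != "Every time":
        findings.append("admins are not re-prompted every time")
    return findings


def audit_policy(rules):
    """Map rule name -> findings, keeping only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule.name] = findings
    return report


# Constructed sample rules, named after the policies in the screenshot above.
SAMPLE_RULES = [
    SignOnRule("Default Sign-On Policy", prompt_additional_factor=False),
    SignOnRule("Extra Policy", True, frozenset({"Text message (SMS)", "Email"}),
               enrollment="Required"),
    SignOnRule("Security Policy for OCI Console", True, frequency="Every time",
               enrollment="Required", applies_to_admins=True),
]
```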
