
URL: https://docs.oracle.com/en-us/iaas/Content/Security/Reference/iam_security_topic_update_default_security_policy_using_re...
Updated 2024-11-22


MODIFYING AND RESTORING ORACLE SECURITY DEFAULTS USING THE REQUIRED CONSENTS

You can modify the Oracle security defaults for the "Security Policy for OCI
Console" sign-on policy for an identity domain after providing explicit
modification consent. You can also restore the Oracle security defaults after
providing restoration consent.

Oracle has implemented the "Security Policy for OCI Console" sign-on policy for
all domains to safeguard the Console. This policy enforces multifactor
authentication, prompting for phishing-resistant factors on each sign-in
attempt to the Console, to protect its resources.

To guarantee that the identity domain's Oracle security defaults are always
maintained, explicit consent must be recorded whenever you modify the Oracle
security defaults provided by Oracle. The system sends an email notification to
all identity domain administrators alerting them of any modifications.

Note

A maximum of 50 identity domain administrators receive the email notification.

To understand more about policies and roles, see Getting Started with Policies,
Understanding Administrator Roles, and Understanding Policies.

The following changes to the Oracle security defaults of the "Security Policy
for OCI Console" sign-on policy require explicit consent:

 * Adding new rules
 * Deleting any Oracle default security rules
 * Resequencing any Oracle default security rules
 * Modifying any Conditions (including Group membership) or Actions in the
   Oracle default security rules
 * Restoring the "Security Policy for OCI Console" to the Oracle security
   defaults

Important

Oracle sends three email reminders to all tenancy and domain administrators,
reminding them to review the "Security Policy for OCI Console" sign-on policy
for each of their domains and to either keep any customizations to the policy or
restore the policy to the Oracle security defaults. After three email reminders,
at least one administrator must provide consent before you can continue working
in the Console.

This section contains the following topics:

 * Modifying the Domain's Oracle Security Defaults
 * Deleting Resources That Belong to the Domain's Oracle Security Defaults
 * Restoring the Domain's Oracle Security Defaults
 * Recording Consent for Changes to the Oracle Security Defaults That Were Made
   Without Recorded Consent
 * Viewing the "Security Policy for OCI Console" Sign-On Policy Consents


MODIFYING THE DOMAIN'S ORACLE SECURITY DEFAULTS

Modifying the "Security Policy for OCI Console" sign-on policy, either through
the Console or through the API, requires explicit consent from the identity
domain administrators. An email will then be sent to other identity domain
administrators with details of the change.

To manage sign-on policies, you must have one of the following access grants:

 * Be a member of the Administrators group
 * Be granted the identity domain administrator role
 * Be a member of a group granted manage identity-domains

Note


 * Important
   
   If you're using Oracle Identity Cloud Service (IDCS) stripes that haven't
   been migrated to IAM identity domains, you can't modify the "Security Policy
   for OCI Console" using the Admin Console. To make changes to this policy, you
   must use the API instead. Note that the Admin Console UI doesn't support
   modifications to the "Security Policy for OCI Console".
 * After the modification consent is provided, you can make changes to the
   policy without any additional consents. After the "Security Policy for OCI
   Console" sign-on policy is restored to the Oracle security defaults, any
   subsequent change will require consent.
   Important
   
   To restore the Oracle security defaults, you must click Restore defaults.
   Don't manually revert the changes to the Oracle security defaults.
 * Consent emails can be sent to a maximum of 50 identity domain administrators.
 * Identity domain administrators can restore a modified "Security Policy for
   OCI Console" sign-on policy to the Oracle security defaults at any time. See
   Restoring the Domain's Oracle Security Defaults.


MODIFYING THE ORACLE SECURITY DEFAULTS USING THE CONSOLE

To modify the Oracle security defaults in the sign-on policy, you must provide
explicit consent and a justification.

 1. Open the navigation menu and click Identity & Security. Under Identity,
    click Domains.
 2. Click the name of the identity domain that you want to work in. You might
    need to change the compartment to find the domain that you want.
 3. Click Security, and then click Sign-on policies.
 4. In the Sign-on policies page, click the "Security Policy for OCI Console"
    sign-on policy.
 5. Make your changes and record consent. Click Predefined Category or click
    Other to enter the supporting justification. See Updating a Sign-On Policy
    for more details about modifying sign-on policies in the Console.


MODIFYING ORACLE SECURITY DEFAULTS USING THE API

To modify the "Security Policy for OCI Console" sign-on policy, use the
following API operations:

 * /Policies
 * /Rules
 * /ConditionGroups
 * /Conditions

Note

For information about accessing the REST API, see Using OAuth 2 to Access the
REST API.

Note


 * All these APIs accept consent, justification, and reason similar to the
   Console.
 * The API operation is blocked if no explicit consent is provided. The consent,
   justification, or reason only apply to the "Security Policy for OCI Console"
   sign-on policy.

Example Request Body

PATCH https://<domainURL>/admin/v1/Policies/OciConsolePolicy
 
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "active",
            "value": false
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:ociconsolesignonpolicyconsent:Policy:consent",
            "value": true
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:ociconsolesignonpolicyconsent:Policy:justification",
            "value": "MFA Configured in Custom Policy"
        }
    ]
}

Example Response Body

{
    "policyType": {
        "value": "SignOn",
        "$ref": "https://<domain_name>/admin/v1/PolicyTypes/SignOn"
    }
    .
    .
    .
    "id": "OciConsolePolicy",
    "active": false,
    "name": "Security Policy for OCI Console",
    .
    .
    .
}


DELETING RESOURCES THAT BELONG TO THE DOMAIN'S ORACLE SECURITY DEFAULTS

Before you can delete resources that belong to the "Security Policy for OCI
Console" sign-on policy, they must be dereferenced from their parent object.

Rules, Conditions and Condition Groups are part of the Policy object. See the
following list of the parent-child references for the objects:

 * Rule is referenced in Policy
 * Condition Group is referenced in Rule
 * Condition is referenced in Rule or Condition Groups

DELETING RESOURCES USING THE CONSOLE

To remove a sign-on rule from the "Security Policy for OCI Console" sign-on
policy:

 1. On the sign-on policy details page, select the checkbox for each sign-on
    rule that you want to delete from the policy.
 2. Click Remove sign-on rule.
 3. Click the Consent checkbox and enter a justification.
 4. In the confirmation window, click Remove sign-on rule.

DELETING RESOURCES USING THE API

Dereferencing must be done using a PUT or PATCH operation on the corresponding
parent object before removing the required child object.

Example Request Body

PATCH https://<domainURL>/admin/v1/Policies/OciConsolePolicy

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "rules",
            "value": [
                {
                    "value": "OciConsoleAdminMFARule",
                    "sequence": 1,
                    "name": "MFA for administrators",
                    "$ref": "https://<domainURL>/admin/v1/Rules/OciConsoleAdminMFARule"
                }
                <The 2nd rule is not included (dereferenced)>
            ]
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:ociconsolesignonpolicyconsent:Policy:consent",
            "value": true
        },
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:ociconsolesignonpolicyconsent:Policy:justification",
            "value": "MFA Configured in Custom Policy"
        }
    ]
}

Example Response Body

.
.
.
    "active": true,
    "name": "Security Policy for OCI Console",
    "rules": [
        {
            "value": "OciConsoleAdminMFARule",
            "sequence": 1,
            "name": "MFA for administrators",
            "$ref": "https://<domainURL>/admin/v1/Rules/OciConsoleAdminMFARule"
        }
    ],
.
.
.


RESTORING THE DOMAIN'S ORACLE SECURITY DEFAULTS

You can restore the "Security Policy for OCI Console" sign-on policy to the
Oracle security defaults after providing restoration consent.

To restore the default security settings for the "Security Policy for OCI
Console" sign-on policy, you must provide explicit consent and a justification.
An email will then be sent to other identity domain administrators with details
of the restoration.

Note


 * Restoration emails can be sent to a maximum of 50 identity domain
   administrators.
 * Identity domain administrators can restore a changed "Security Policy for OCI
   Console" sign-on policy to the Oracle security defaults at any time.

During restoration of the "Security Policy for OCI Console" sign-on policy, the
following actions are performed:

 1. If any of the phishing-resistant factors aren't enabled for the policy, then
    restoration enables the following factors:
    * Mobile app push notification
    * Mobile app passcode
    * Fast ID Online (FIDO)
 2. Only the rules seeded by Oracle are restored, even if the rule was deleted.
    Any custom rules are removed from the policy.
 3. If an administrator's group is deleted or renamed, during restoration, a new
    administrator's group is created without any members or roles and assigned
    to the MFA for administrators sign-on rule. The administrator's group name
    differs depending on the identity domain. Use the following list to find the
    correct group name:
    * Administrators group: In default identity domains.
    * Domain_Administrators group: In secondary identity domains.
    * IDCS_Administrators group: For IDCS stripes migrated to OCI identity
      domains.
 4. If a custom policy has been attached or no policy has been attached to the
    OCI Console application, on restoration this policy is attached to the
    "Security Policy for OCI Console" sign-on policy.


RESTORING THE ORACLE SECURITY DEFAULTS USING THE CONSOLE

To restore the "Security Policy for OCI Console" sign-on policy to the Oracle
security defaults, access the sign-on policy details page, click Restore
defaults, and provide the consent.

Important

To restore the Oracle security defaults, you must click Restore defaults. Don't
manually revert the changes to the Oracle security defaults.

See Updating a Sign-On Policy for more details about modifying sign-on policies
in the Console.


RESTORING THE ORACLE SECURITY DEFAULTS USING THE API

To restore a policy to Oracle security defaults, make a POST call using the
/RestoreOciConsolePolicy API operation.

Example Request Body

POST https://<domainURL>/admin/v1/RestoreOciConsolePolicy
 
{
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:RestoreOciConsolePolicy"
    ],
    "reason" : "Custom requirement to reset the policy to factory defaults",
    "consent": true
}

Example Response Body

{
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:RestoreOciConsolePolicy"
    ],
    "reason": "Custom requirement to reset the policy to factory defaults",
    "consent": true,
    "meta": {
        "resourceType": "RestoreOciConsolePolicy",
        "location": "https://<domain_name>/admin/v1/RestoreOciConsolePolicy"
    },
    "domainOcid": "ocid1.tenancy.oc1..<unique_id>",
    "compartmentOcid": "ocid1.compartment.oc1..<unique_id>",
    "tenancyOcid": "ocid1.tenancy.oc1..<unique_id>"
}


RECORDING CONSENT FOR CHANGES TO THE ORACLE SECURITY DEFAULTS THAT WERE MADE
WITHOUT RECORDED CONSENT

Oracle requires explicit consent for changes to the "Security Policy for OCI
Console" sign-on policy. If you've made changes without consent, you must
provide it now.


RECORDING CONSENT FOR CHANGES IF YOU HAVEN'T DONE SO

If you've modified the "Security Policy for OCI Console" sign-on policy without
providing consent, Oracle now requires it. You'll be prompted to review and
address any deviations from the Oracle security defaults.

Any of the following changes alert Oracle that the "Security Policy for OCI
Console" sign-on policy has deviated from the Oracle security defaults:

 * The sign-on policy hasn't been attached to the "OCI Console Application."
 * The sign-on policy is deactivated.
 * Adding new rules.
 * Deleting any Oracle default security rules.
 * Resequencing any Oracle default security rules. The policy should contain
   only the 2 sign-on rules created by Oracle, in this order of precedence:
   1. MFA for administrators
   2. MFA for all users
 * Modifying any Oracle default security rules.

If the "Security Policy for OCI Console" sign-on policy has deviated from the
Oracle security defaults, you must provide explicit consent to either retain the
current state of the policy or restore it to the Oracle security defaults. To
review the sign-on policy, sign in to the Console as a tenancy administrator or
domain administrator. Once signed in, the "Review sign-on policy changes" page
will be displayed, where you can make one of the following choices and then save
the change:

 * Keep changes: Select this option if the sign-on policy changes meet your
   custom requirements and you want to keep them. By accepting consent, you
   acknowledge the risks of deviating from Oracle's security defaults. We will
   record your consent and notify the identity domain administrators in an
   email.
   Note
   
   A maximum of 50 identity domain administrators receive the email
   notification.
   See Modifying the Oracle Security Defaults Using the Console for more
   details.
 * Restore to default policy: Select this option to revert to the Oracle
   security defaults. By accepting consent, you agree to restore all elements of
   the "Security Policy for OCI Console" sign-on policy, including
   phishing-resistant factors, to the Oracle security defaults. Restoration
   consent is recorded, and email notifications are sent to the identity domain
   administrators of the respective domain.
   Note
   
   A maximum of 50 identity domain administrators receive the email
   notification.
   See Restoring the Domain's Oracle Security Defaults for more details.

After consent is recorded, you won't be prompted again when signing in.


VIEWING THE "SECURITY POLICY FOR OCI CONSOLE" SIGN-ON POLICY CONSENTS

Use the identity domains API to view the recorded modification consents and
restoration consents for an identity domain.

To view the consents in an identity domain, make a GET call using the
/OciConsoleSignOnPolicyConsents API operation.

The changeType of the consent indicates the current consent status of the
identity domain and can be one of the following types:

 * No entry: No consent has ever been recorded for the identity domain.
 * MODIFIED: Modification consent has been recorded for the identity domain and
   the "Security Policy for OCI Console" sign-on policy has been modified from
   the Oracle security defaults.
 * RESTORED_TO_FACTORY_DEFAULTS: Restoration consent has been recorded for the
   identity domain and the "Security Policy for OCI Console" sign-on policy is
   configured to the Oracle security defaults.

Viewing Consents Using the Console

You can't perform this action in the Console.

Viewing All Consents Using the API

Example Request Body (view all consents)

GET https://<domainURL>/admin/v1/OciConsoleSignOnPolicyConsents

Example Response Body (view all consents)

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "Resources": [
        {
            "consentSignedBy": {
                "type": "App",
                "value": "<app_id>",
                "ocid": "ocid1.domainapp.region1.sea.<unique_id>",
                "displayName": "IDA Application"
            },
            "reason": "Want to restore to factory defaults",
            "modifiedResource": {
                "value": "OciConsolePolicy",
                "type": "Policy",
                "ocid": "ocid1.domainpolicy.region1.sea.<unique_id>"
            },
            "idcsLastModifiedBy": {
                "type": "App",
                "value": "<app_id>",
                "display": "IDA Application",
                "ocid": "ocid1.domainapp.region1.sea.<unique_id>",
                "$ref": "https://<domainURL>/admin/v1/Apps/<app_id>"
            },
            "idcsCreatedBy": {
                "type": "App",
                "ocid": "ocid1.domainapp.region1.sea.<unique_id>",
                "display": "IDA Application For Testing",
                "value": "<app_id>",
                "$ref": "https://<domainURL>/admin/v1/Apps/<app_id>"
            },
            "meta": {
                "version": "0cac077e85994471baf80a79a611c84e",
                "created": "2024-08-06T08:37:47.675Z",
                "lastModified": "2024-08-06T08:37:47.675Z",
                "resourceType": "OciConsoleSignOnPolicyConsent",
                "location": "https://<domainURL>/admin/v1/OciConsoleSignOnPolicyConsents/<sign-on-policy_id>"
            },
            "id": "<sign-on-policy_id>",
            "justification": "Other",
            "ocid": "ocid1.domainsignonpolicyconsent.region1.sea.<unique_id>",
            "changeType": "RESTORED_TO_FACTORY_DEFAULT",
            "timeConsentSigned": "2024-08-06T08:37:47.655Z",
            "policyResource": {
                "value": "OciConsolePolicy",
                "ocid": "ocid1.domainpolicy.region1.sea.<unique_id>"
            },
            "clientIp": "10.3.62.212",
            "notificationRecipients": [
                "admin5@oracle.com",
                "admin4@oracle.com",
                "admin2@oracle.com",
                "admin1@oracle.com",
                "admin3@oracle.com"
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:oracle:idcs:OciConsoleSignOnPolicyConsent"
            ],
            "domainOcid": "ocid1.tenancy.oc1..<unique_id>",
            "compartmentOcid": "ocid1.compartment.oc1..<unique_id>",
            "tenancyOcid": "ocid1.tenancy.oc1..<unique_id>"
        },
        {
            "consentSignedBy": {
                "type": "User",
                "value": "<user_id>",
                "ocid": "ocid1.domainuser.region1.sea.<unique_id>",
                "displayName": "Admin OPC"
            },
            "modifiedResource": {
                "value": "OciConsolePolicy",
                "type": "Policy",
                "ocid": "ocid1.domainpolicy.region1.sea.<unique_id>"
            },
            "idcsLastModifiedBy": {
                "type": "User",
                "value": "<user_id>",
                "display": "Admin OPC",
                "ocid": "ocid1.domainuser.region1.sea.<unique_id>",
                "$ref": "https://<domainURL>/admin/v1/Users/<user_id>"
            },
            "idcsCreatedBy": {
                "type": "User",
                "ocid": "ocid1.domainuser.region1.sea.<unique_id>",
                "display": "Admin OPC",
                "value": "<user_id>",
                "$ref": "https://<domainURL>/admin/v1/Users/<user_id>"
            },
            "meta": {
                "version": "d65324105b1044d39b08475e3fe45650",
                "created": "2024-08-06T08:33:27.912Z",
                "lastModified": "2024-08-06T08:33:27.912Z",
                "resourceType": "OciConsoleSignOnPolicyConsent",
                "location": "https://<domainURL>/admin/v1/OciConsoleSignOnPolicyConsents/<consent_id>"
            },
            "id": "<consent_id>",
            "justification": "MFA Configured in Custom Policy",
            "ocid": "ocid1.domainsignonpolicyconsent.region1.sea.<unique_id>",
            "changeType": "MODIFIED",
            "timeConsentSigned": "2024-08-06T08:33:27.823Z",
            "policyResource": {
                "value": "OciConsolePolicy",
                "ocid": "ocid1.domainpolicy.region1.sea.<unique_id>"
            },
            "clientIp": "10.3.62.212",
            "notificationRecipients": [
                "admin5@oracle.com",
                "admin4@oracle.com",
                "admin2@oracle.com",
                "admin1@oracle.com",
                "admin3@oracle.com"
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:oracle:idcs:OciConsoleSignOnPolicyConsent"
            ],
            "domainOcid": "ocid1.tenancy.oc1..<unique_id>",
            "compartmentOcid": "ocid1.compartment.oc1..<unique_id>",
            "tenancyOcid": "ocid1.tenancy.oc1..<unique_id>"
        }
    ],
    "startIndex": 1,
    "itemsPerPage": 2
}

Viewing the Latest Consent Using the API

Example Request Body (view latest consent)

GET https://<domainURL>/admin/v1/OciConsoleSignOnPolicyConsents?sortBy=meta.created&sortOrder=DESCENDING&count=1&filter=policyResource.value eq "OciConsolePolicy"

Example Response Body (view latest consent)

{
            "consentSignedBy": {
                "type": "User",
                "value": "<user_id>",
                "ocid": "ocid1.domainuser.region1.sea.<unique_id>",
                "displayName": "Admin OPC"
            },
            "modifiedResource": {
                "value": "OciConsolePolicy",
                "type": "Policy",
                "ocid": "ocid1.domainpolicy.region1.sea.<unique_id>"
            },
            "idcsLastModifiedBy": {
                "type": "User",
                "value": "<user_id>",
                "display": "Admin OPC",
                "ocid": "ocid1.domainuser.region1.sea.<unique_id>",
                "$ref": "https://<domainURL>/admin/v1/Users/<user_id>"
            },
            "idcsCreatedBy": {
                "type": "User",
                "ocid": "ocid1.domainuser.region1.sea.<unique_id>",
                "display": "Admin OPC",
                "value": "<user_id>",
                "$ref": "https://<domainURL>/admin/v1/Users/<user_id>"
            },
            "meta": {
                "version": "d65324105b1044d39b08475e3fe45650",
                "created": "2024-08-06T08:33:27.912Z",
                "lastModified": "2024-08-06T08:33:27.912Z",
                "resourceType": "OciConsoleSignOnPolicyConsent",
                "location": "https://<domainURL>/admin/v1/OciConsoleSignOnPolicyConsents/<consent_id>"
            },
            "id": "<consent_id>",
            "justification": "MFA Configured in Custom Policy",
            "ocid": "ocid1.domainsignonpolicyconsent.region1.sea.<unique_id>",
            "changeType": "MODIFIED",
            "timeConsentSigned": "2024-08-06T08:33:27.823Z",
            "policyResource": {
                "value": "OciConsolePolicy",
                "ocid": "ocid1.domainpolicy.region1.sea.<unique_id>"
            },
            "clientIp": "10.3.62.212",
            "notificationRecipients": [
                "admin5@oracle.com",
                "admin4@oracle.com",
                "admin2@oracle.com",
                "admin1@oracle.com",
                "admin3@oracle.com"
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:oracle:idcs:OciConsoleSignOnPolicyConsent"
            ],
            "domainOcid": "ocid1.tenancy.oc1..<unique_id>",
            "compartmentOcid": "ocid1.compartment.oc1..<unique_id>",
            "tenancyOcid": "ocid1.tenancy.oc1..<unique_id>"
}
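
An added example (not Oracle's code) of an audit check built on the response shapes shown in this topic: it compares a policy body against the two default rules named above and reads the latest consent record to classify the domain's state. The function names, status labels, and trimmed sample bodies are constructed for illustration; rule conditions, actions, and the attachment to the OCI Console application are not visible in these bodies and are not checked.

```python
import json
from datetime import datetime

# Names of the two Oracle-seeded rules, in the order the page says they must keep.
DEFAULT_RULE_NAMES = ["MFA for administrators", "MFA for all users"]
# The page spells the restored status with and without a trailing "S"; accept both.
RESTORED_TYPES = {"RESTORED_TO_FACTORY_DEFAULT", "RESTORED_TO_FACTORY_DEFAULTS"}


def policy_deviations(policy):
    """List deviations visible in a /Policies/OciConsolePolicy body."""
    findings = []
    if policy.get("active") is not True:
        findings.append("policy is deactivated")
    rules = sorted(policy.get("rules", []), key=lambda r: r.get("sequence", 0))
    names = [r.get("name") for r in rules]
    for name in DEFAULT_RULE_NAMES:
        if name not in names:
            findings.append("default rule missing: " + name)
    for name in names:
        if name not in DEFAULT_RULE_NAMES:
            findings.append("non-default rule present: " + str(name))
    defaults_seen = [n for n in names if n in DEFAULT_RULE_NAMES]
    both_present = sorted(defaults_seen) == sorted(DEFAULT_RULE_NAMES)
    if both_present and defaults_seen != DEFAULT_RULE_NAMES:
        findings.append("default rules resequenced")
    return findings


def _created(consent):
    # meta.created is the field the page sorts on; "Z" is rewritten for fromisoformat.
    return datetime.fromisoformat(consent["meta"]["created"].replace("Z", "+00:00"))


def latest_consent(list_response):
    """Return the newest consent record for OciConsolePolicy, or None ("No entry")."""
    records = [
        c for c in list_response.get("Resources", [])
        if c.get("policyResource", {}).get("value") == "OciConsolePolicy"
    ]
    return max(records, key=_created) if records else None


def assess(policy, list_response):
    """Combine the policy state with the latest recorded consent."""
    findings = policy_deviations(policy)
    consent = latest_consent(list_response)
    change_type = consent["changeType"] if consent else None
    if change_type is None:
        status = "DEVIATED_NO_CONSENT" if findings else "DEFAULT_NO_CONSENT_ON_RECORD"
    elif change_type in RESTORED_TYPES:
        status = "DEVIATED_AFTER_RESTORE" if findings else "DEFAULT_RESTORED"
    elif change_type == "MODIFIED":
        # Per the page, once modification consent exists, later changes need no new
        # consent until Restore defaults is used; a manual revert leaves this state.
        status = "DEVIATED_WITH_CONSENT" if findings else "LOOKS_DEFAULT_MODIFIED_CONSENT_ACTIVE"
    else:
        status = "UNKNOWN_CHANGE_TYPE"
    return {
        "status": status,
        "findings": findings,
        "signed_by": consent["consentSignedBy"]["displayName"] if consent else None,
        "justification": consent.get("justification") if consent else None,
    }


# Constructed samples, trimmed from the example bodies shown on this page.
SAMPLE_POLICY = json.loads("""
{"id": "OciConsolePolicy", "active": true, "name": "Security Policy for OCI Console",
 "rules": [{"value": "OciConsoleAdminMFARule", "sequence": 1,
            "name": "MFA for administrators"}]}
""")
SAMPLE_CONSENTS = json.loads("""
{"totalResults": 2, "Resources": [
  {"consentSignedBy": {"type": "App", "displayName": "IDA Application"},
   "meta": {"created": "2024-08-06T08:37:47.675Z"},
   "justification": "Other", "changeType": "RESTORED_TO_FACTORY_DEFAULT",
   "policyResource": {"value": "OciConsolePolicy"}},
  {"consentSignedBy": {"type": "User", "displayName": "Admin OPC"},
   "meta": {"created": "2024-08-06T08:33:27.912Z"},
   "justification": "MFA Configured in Custom Policy", "changeType": "MODIFIED",
   "policyResource": {"value": "OciConsolePolicy"}}]}
""")

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_POLICY, SAMPLE_CONSENTS), indent=2))
```

The `LOOKS_DEFAULT_MODIFIED_CONSENT_ACTIVE` status is the case the page warns about when it says not to revert changes manually: the policy body matches the defaults, but the latest consent is still `MODIFIED`.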
