1. Administering Oracle Identity Cloud Service
  2. Configure Security Settings
  3. Manage Account Recovery in Oracle Identity Cloud Service
  4. Configure Account Recovery

Configure Account Recovery

Account recovery is an automated process designed to help users regain access to their accounts if they have trouble signing in, they’re locked out, or they forget their passwords.

There are three account recovery factors that identity domain administrators and security administrators can configure for users:

  • Security questions: You can allow a user to select and answer security questions, and provide hints for answers to these questions, to verify their identity. If they have to recover their account, then they must answer these questions correctly to regain access.

  • Email: By default, a user’s primary email address has been set as the email address that Oracle Identity Cloud Service will use to help the user recover their account. If the user has to regain access, then Oracle Identity Cloud Service will send a notification to this email address. The user follows the instructions in the notification to recover their account.

    Instead of their primary email address, you can allow the user to specify an alternate (recovery) email address to regain access to their account.

  • Text message (SMS): You can allow a user to provide a mobile number that Oracle Identity Cloud Service will use to help them recover access to their account. This way, if they have to regain access, then Oracle Identity Cloud Service will send a passcode in a text message (SMS) to this mobile number. The user enters this passcode to recover their account.

    Tip:

    This account recovery factor is useful for users without Internet connectivity.

Important:

Because you want users to be able to regain access to their accounts, you must set at least one account recovery factor for them.

In addition to setting account recovery factors, identity domain administrators and security administrators can specify:

  • How many consecutive, unsuccessful account recovery attempts a user can make before the user’s account is locked.

  • How long the user’s account will be locked before they can attempt to recover their account again.

You can access the Manage Account Recovery in Oracle Identity Cloud Service infographic to see how to configure account recovery factors for users.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Account Recovery. The Account Recovery Settings page appears.

  2. Use the following table to populate the Account Recovery Settings page:

    Field Description
    Security Questions

    If you want users to be able to configure security questions to recover their accounts, then select this check box.

    Otherwise, deselect this check box, and in the Deactivate Security Questions? dialog box, click Deactivate Security Questions.

    If you select this check box, then click Configure to set up security questions that users can manage for their accounts. See Set Up a Mobile Number As An Authentication Method.

    Email

    If you want users to be able to specify an email address other than their primary email address to recover their accounts, then select this check box.

    Otherwise, deselect this check box, and in the Deactivate Email? dialog box, click Deactivate Email.

    If you select this check box, then click Configure to define the settings for the notification that’s sent to the user. See Configure Email Settings.

    Text Message (SMS)

    If you want users to be able to provide a mobile number to recover their accounts, then select this check box.

    Otherwise, deselect this check box, and in the Deactivate SMS? dialog box, click Deactivate SMS.

    If you select this check box, then click Configure to define the settings in Oracle Identity Cloud Service for sending a passcode as a text message (SMS) to the user. See Configure One-Time Passcode Text Messages.

    Maximum consecutive unsuccessful recovery attempts Specify the number of consecutive, unsuccessful account recovery attempts after which the user’s account is locked.
    Lockout duration Specify (in minutes) how long the user's account will be locked (because they exceeded the setting in the Maximum consecutive unsuccessful recovery attempts field) before the user can attempt to recover their account again.

  3. Click Save.

  4. In the Confirmation window, click OK.

    Users can set up account recovery for their accounts. See Set Your Account Recovery Options.