Deactivate Delegated Authentication

You can deactivate delegated authentication for a Microsoft Active Directory (AD) Bridge associated with an AD domain. Once it is deactivated, users transferred into Oracle Identity Cloud Service through this bridge must use their Oracle Identity Cloud Service passwords to sign in to Oracle Identity Cloud Service. Also, by deactivating delegated authentication, you can verify that the AD credentials of a user in that domain can be used to sign in to Oracle Identity Cloud Service before activating delegated authentication for the bridge.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Delegated Authentication.
  2. Expand the node to the left of the AD Bridge for which you want to deactivate delegated authentication.
  3. Turn off the Activate Delegated Authentication switch.
  4. In the Deactivate Delegated Authentication window:
    1. Select the Send a Password Reset Notification (recommended) option if you want users in the AD domain associated with the AD bridge to receive notifications to reset the passwords for their accounts. This is recommended for security purposes.
    2. Select the Create a Password option if you want to manually reset passwords for the users in the domain associated with the bridge. No notification is sent to users. Selecting Create a Password means that users in the domain who were previously able to sign in using delegated authentication will not be able to sign in to the system. To allow them to sign in to the system, reset their passwords using the reset passwords option on the Users tab. See Reset Passwords for User Accounts.
  5. Click OK.