Skip Headers
Oracle® Cloud Getting Started with Oracle Cloud
Release 12.2

Part Number E27036-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

3 Managing Service Users

After services have been activated and verified to be ready for use, users must be added to the Oracle Cloud identity management system before they can begin using the cloud services. Service users may include developers, end users, and additional service administrators.

Identity domain administrators use Oracle Identity Console to add and manage users and roles for all Oracle Cloud services. It may be helpful to have an understanding of roles and identity domains used in Oracle Cloud before you begin. For information, see "About Identity Domains and User Roles".

Note:

Oracle Identity Console supports various special modes for accessibility. From any screen, click Accessibility at the top of the page. You can select any combination of screen reader mode, high contrast colors mode, and large fonts mode.

Topics:

About Oracle Identity Console and User Profiles

Oracle Identity Console is a web-based self-service and administration tool of the identity management system that is used by administrators in the provisioning and management of users and roles for all Oracle Cloud services. Both administrative and non-administrative users, however, can use the Identity Console to change their own passwords, password security questions, and the responses to the security questions. To log in to the Identity Console, you need to know the identity domain you want to work in, your user ID, and your password.

Oracle Cloud creates user profiles for designated administrators and provisioned users in an identity management repository that is dedicated to your enterprise. Oracle, however, does not manage the user profiles. As administrators you manage your own service users and their profiles and roles in the Identity Console. As non-administrative users, you can manage only certain aspects of your user profiles in the Identity Console.

As an identity domain administrator, your view in the Identity Console is limited to the users and roles in the identity domains that you have been assigned to manage. In your view, you can perform all user and role management functions such as searching for users and roles, creating and modifying users and roles, and revoking and granting roles to users. If you are assigned as the identity domain administrator for services in more than one identity domain, you must log in to each identity domain separately to manage users and roles in that identity domain.

As the service administrator, your view in the Identity Console is restricted to the users and roles for the services that you have been assigned to manage, and you are limited to mostly search and read-only functions. For example, you cannot add or modify users and roles but you can revoke and grant roles to users. Note that the services you have been assigned to manage can be in one or more identity domains. If you are assigned as the service administrator for services in more than one identity domain, you must log in to each identity domain separately to search for users and grant roles to users in that identity domain.

Note:

If an individual is both the service administrator and the identity domain administrator, only one user profile for that individual is created.

As a non-administrative user, your view in the Identity Console is limited to your own profile information only, and you have limited password management functions in the Identity Console. For example, you can change your own password, and can add or change your own password challenge questions in the event that you need the system to reset your password. You can also see what roles you have been granted but you cannot grant yourself roles or revoke roles.

About Pre-Seeded Roles and Users

When Oracle Cloud services are provisioned in an identity domain, a few accounts are automatically created in Oracle Identity Console. Pre-seeded service roles are also populated at the same time. (Roles are named groups of related privileges.) The pre-seeded service users and roles correspond to the service type being provisioned, and they include both administrative types and non-administrative types.

Table 3-1 lists the pre-seeded user accounts that may be created:

Table 3-1 Pre-seeded User Accounts

Account Description

Identity Domain Administrator

The identity domain administrator you designate during trial or paid service sign-up. An identity domain administrator can also be a service administrator.

Service Administrator

The service administrator you designate during trial or paid service sign-up. A service administrator can also be an identity domain administrator.

Identity Domain SFTP User

Each identity domain is assigned an FTP account. Do not delete this user or remove its special SFTP User role.

Service SFTP User

Each service is assigned an SFTP account. Do not delete this user or remove its special SFTP User role.


Pre-seeded user accounts are similar to user accounts you create: they have a user name, email address, password, and roles.

Caution:

Be careful when managing pre-seeded user accounts.

Your account must always have at least one user with identity domain administration privileges. If you delete your only identity domain administrator, or remove the administration role from this user, you will be unable to access the Oracle Identity Console.

The pre-seeded SFTP accounts have special roles that allow you to connect to Oracle Cloud SFTP servers. You cannot manage or assign these roles to other users, so if you delete an SFTP user or remove the SFTP User Role, you will be unable to restore it.

If you accidentally disable or delete one of the pre-seeded accounts, contact Oracle Support for assistance. See "Where to Get Help" for details.

Administrative individuals are automatically granted the pre-seeded roles that correspond to their administrator role and the type of service they are targeted to manage. For example, the service administrator for an Oracle Java Cloud Service is given the Java Administrator pre-seeded role and the service administrator for an Oracle Database Cloud Service is given the Database Administrator pre-seeded role.

In addition, all identity domain administrators are granted the Identity Domain Administrator pre-seeded role when any service is first set up. So if an individual is both the identity domain administrator and the service administrator for, say, a Database service, then the individual is automatically granted the Identity Domain Administrator and Database Administrator pre-seeded roles.

Note:

To see what roles have been pre-seeded in a new identity domain, log in to Oracle Identity Console, navigate to the Manage Roles page, and click Search (leaving the search field blank). For login instructions, see "Logging In to Oracle Identity Console".

Table 3-2 shows the pre-seeded roles for administrative users and the role-based privileges, and where to find applicable task information.

Table 3-2 Administrative Users and Their Pre-Seeded Roles and Privileges

Pre-Seeded Role Service Type Privileges Task Information

Java Administrator

Automatically granted to the service administrator when the Java service is first set up in an identity domain.

Java

Can use Oracle Java Cloud Service Control to manage and monitor a Java service, such as deploying new applications and modifying existing ones.

Can monitor and manage service usage in Oracle Cloud.

Can grant and revoke roles in Oracle Identity Console.

See the appropriate document: Using Oracle Java Cloud Service, "Operating and Monitoring Cloud Services", and "Granting and Revoking Roles".

Database Administrator

Automatically granted to the service administrator when the Database service is first set up in an identity domain.

Note: Explicitly grant the Database Administrator role to users who need to use My Services in Oracle Cloud to monitor and manage Database cloud service usage.

Database

Can access all Oracle Application Express application components, and manage application user accounts using Oracle Application Express authorization.

Can perform workspace administrator tasks specific to a workspace such as monitoring workspace activity, and viewing log files.

Can monitor and manage service usage in Oracle Cloud.

Can grant roles to users in Oracle Identity Console.

See the appropriate document: Using Oracle Database Cloud Service, "Operating and Monitoring Cloud Services", and "Granting and Revoking Roles".

Identity Domain Administrator

Automatically granted to the identity domain administrator when an identity domain is created.

Not applicable

Can use Oracle Identity Console to add and delete users, add and delete roles, grant and revoke roles, and reset user passwords.

See the appropriate section: "Adding, Modifying, and Deleting Users", "Creating and Deleting Roles", "Granting and Revoking Roles", and "Changing Passwords and Password Challenge Questions".


Note:

The pre-seeded roles Java Administrator, Database Administrator, and Identity Domain Administrator can be explicitly granted to other individuals in the same identity domain. This is useful, for example, during the interim period of transitioning service administrative duties from one individual to another in an identity domain.

After identity domain administrators provision users for Oracle Cloud services by creating individual user profiles in the Identity Console, the appropriate pre-seeded service roles must be explicitly granted to the individual users according to the service type that they are allowed to access. For example, a developer must be granted the Database Developer role to develop and deploy applications using the Database service.

Table 3-3 shows the explicit pre-seeded roles for non-administrative users and the role-based privileges.

Table 3-3 Non-Administrative Users and Their Pre-Seeded Roles and Privileges

Pre-Seeded Role Service Type Privileges Task Information

Database Developer

When you provision users as developers, assign this pre-seeded role to them so they can use the Database service to develop and deploy applications.

Database

Can develop and edit Oracle Application Express applications using the Application Builder and SQL Workshop.

See Using Oracle Database Cloud Service.

Database User

When you provision users as end users, assign this pre-seeded role to them so they can use applications that have been deployed on Database cloud services.

Note: An access control list (ACL) is used to further restrict access to an application or to features within an application.

Database

Can run applications only.

Not applicable

Java User

When you provision service users as end users, assign this pre-seeded role to them so they can use applications that have been deployed on Java cloud services.

Java

Can run applications only.

Not applicable


About Service Role Names

Pre-seeded role names related to specific services are prefixed by a service name for a service instance:

<service_name> <role_name>

For example, if myservice1 is the name for a Database service, then the fully qualified name for the service administrator role of the Database service is myservice1 Database Administrator.

Logging In to Oracle Identity Console

To log in to Oracle Identity Console, you need a user ID, password, and an identity domain.

For identity domain administrators and service administrators, your login credentials are sent to you in an email when your assigned services in an identity domain are activated. A temporary password is sent in a separate email. If you did not receive any post-activation emails, contact Oracle to get clarification. For support information, see "Where to Get Help".

For non-administrative users, you will receive an email with your login ID and identity domain when your user profile is created. Your identity domain administrator must provide you with your temporary password separately. Contact your identity domain administrator if you did not receive any information.

Note:

If you are already logged in to My Services in Oracle Cloud, you can click the Identity Console button on the Services page to go to Oracle Identity Console. You will not be prompted to sign in because you are already logged in to the identity management system.

To log in to Oracle Identity Console:

  1. In your web browser, go to Oracle Identity Console by using the URL provided in the welcome email or by your administrator. For example:

    http://<host_name>:<port_number>/identity/faces/pages/Identity.jspx

  2. On the Sign In page, enter your account credentials and click Sign In.

    Figure 3-1 Identity Console Sign In Page

    Description of Figure 3-1 follows
    Description of "Figure 3-1 Identity Console Sign In Page"

  3. If this is your first time logging in, you are prompted to provide a new password and set three password challenge questions for your profile. Do the following:

    1. Enter the old password.

    2. Enter a new password.

    3. Enter the new password again.

    4. Select a question from the Question 1 drop down list, then enter your answer in the field next to the drop down.

    5. Repeat the procedure for Question 2 and Question 3.

    6. Click Submit.

      For instructions on how to change your password and password challenge questions later, see "Changing Your Own Password" and "Changing Your Password Challenge Questions".

When logged in to the Identity Console, you should see your profile information on the first screen. For administrators, you should have Manage Users and Manage Roles options available in the left panel. For non-administrative users, you have access to My Profile only.

Figure 3-2 Navigation Pane in the Identity Console

Description of Figure 3-2 follows
Description of "Figure 3-2 Navigation Pane in the Identity Console"

Note:

You are automatically logged out of the Identity Console after a period of inactivity in the console. When this happens, you may be asked to reenter your account credentials when the system registers an activity in the console.

Adding, Modifying, and Deleting Users

Only identity domain administrators can add users, and they are allowed to add, modify, and delete users only in the identity domains that they have been designated to administer.

Note:

To see which users have already been added to an identity domain, log in to Oracle Identity Console, navigate to the Manage Users page and click Search while leaving the search field blank. All users are listed.

For login instructions, see "Logging In to Oracle Identity Console".

To add users in Oracle Identity Console, identity domain administrators need the users' valid business email addresses and first and last names, and the services that the users are allowed to access.

After users have been added, the appropriate pre-seeded service roles must be explicitly granted to the users according to the services they are allowed to access. Users cannot log in until they have been granted at least one role. For information about managing service roles, see "About Pre-Seeded Roles and Users" and "Granting and Revoking Roles".

Adding a Single User

When you add one user at a time using the Create button in the Identity Console, you manually assign a temporary password for the user. After the profile is created, the user is sent an email with their account credentials (user ID and identity domain). The account credentials are used to log in to My Services in Oracle Cloud (service administrator users only), the cloud services, and the Identity Console.

Caution:

Make a note of the temporary password you assign when you create a user account. This temporary password is not included in the automated email sent to the new user: you must communicate this information to new users yourself, along with the URL for services and the Oracle Identity Console.

To add one user at a time:

  1. Log in to Oracle Identity Console using the identity domain that you want to work in.

  2. On the left navigation pane, expand Administration, then click Manage Users.

  3. On the Manage Users page, click Create on the toolbar.

    Figure 3-3 Toolbar Icons on the Manage Users Page

    Description of Figure 3-3 follows
    Description of "Figure 3-3 Toolbar Icons on the Manage Users Page"

  4. In the Create User dialog, enter the following details:

    • First Name: This is mandatory.

    • Last Name: This is mandatory.

    • Email: This is mandatory. Enter a valid business email in standard format. For example, johndoe@somecompany.com.

    • User ID: This is optional. By default the user ID is the same as the email, if you don't enter a value here. The maximum size of the User ID is 80 characters.

    • Password: Enter a password. This is a temporary password. The user can change the password when they log in.

      A password must not match or contain the last name, and it must be at least six characters long. For complete password guidelines, see Figure 3-12, "Change Password Section".

      Note:

      Make a note of the temporary password. The system does not send the temporary password to the user: you must do this yourself. If you forget or lose this password, you must reset it: see "Resetting Another User's Password".
    • Confirm Password: Reenter the password.

  5. When you are finished, click Create.

    Note:

    On the Manage Users page, click Search to display the user you have just added.

After the user profiles are created, you or the service administrator must assign appropriate roles to the users.

Note:

A user who has no role assigned cannot log in to the Identity Console.

Then, notify users of their login credentials (user ID, temporary password, and identity domain), along with the Identity Console URL and one or more service URLs, depending on the service type the users are allowed to access. For information about granting roles to users, see "Granting and Revoking Roles".

Adding a Batch of Users

You can add many users at once using a bulk upload process.

To add a batch of users, create a .csv file with at least three columns with the column headings First Name, Last Name, and Email. Optionally you may add a fourth column using the heading User ID, if you wish. If you do not include a User ID column, by default the identity management system uses the values in the Email column to populate the User ID values in the user profiles. Be sure to use commas as delimiters for the .csv file, and create the file based on ANSI or UTF-8 character sets.

The maximum size of the User ID is 80 characters. The maximum size of the .csv file is 256k.

When you add service users using the batch function in the Identity Console, the system generates temporary passwords for the users. After the profiles are created, the system generates and sends emails containing the login credentials.

Notes:

  • Single-quote characters and apostrophes (', ') are allowed in user names and IDs and are interpreted literally. Use double-quotes (") to specify strings containing spaces as a single string. For example, in a three-column .csv file:

    "Billy Bob",Smith,billybob.smith@example.com
    

    This entry creates a user with the first name "Billy Bob."

  • The .csv file must be UTF-8 encoded. If you use an invalid coding, you may see the following message:

    "File has been successfully uploaded. User records are scheduled to be created shortly"
    

    A notification is then sent indicating that 0 records were uploaded. If you see this result, double-check that the .csv file is properly encoded using UTF-8.

To add a batch of users:

  1. Log in to Oracle Identity Console.

  2. On the left navigation pane, click Manage Users.

    Note:

    To see the users that have already been added, click Search.
  3. On the Search Users page, click Load Users on the toolbar.

  4. In the File to upload field, click Browse and use the dialog to select the .csv file to use.

  5. Click Upload. If upload is successful, click OK in the Information dialog.

  6. System generated emails with login credentials will be sent to users after the profiles have been successfully created.

    You will receive an email with the subject line User Loading completed. The email provides information about the number of user records successfully uploaded, and any failure details.

Note:

On the Search Users page, click Search to refresh the list with the users you have uploaded.

Modifying User Details

You can modify your own password and challenge questions using the Identity Console. As an Identity Domain Administrator, you can also reset the passwords of other users.

To modify your own user details:

  1. Log in to Oracle Identity Console using the appropriate identity domain.

  2. On the left navigation pane, click My Profile.

  3. Make your changes on the right pane. You can expand the Change Password and Challenge Questions sections to perform those tasks.

  4. Click Apply in the relevant expanded section when done.

To reset another user's password:

  1. Log in to Oracle Identity Console using the identity domain that you want to work in.

  2. On the left navigation pane, click Manage Users.

  3. On the Manage Users page, click Search with the search field blank to display all users in the identity domain. Alternatively, enter all or part of a user's first name, last name, user ID, or email address in the field, and then click Search.

  4. Select the row that contains the user you want to modify.

    Notes:

    Select the row that contains the user; do not click the last name.
  5. Click Reset Password on the toolbar.

  6. By default the system will send a new, automatically-generated password to the user.

    To specify a new password, select Manually change the password and then enter the new password in both the New password and Confirm new password fields.

    If you do not want the new password to be mailed to the user automatically, de-select the Email the new password to the user check box. You can only de-select the check box if you manually set a password, in which case you should contact the user to give them their new password yourself.

  7. Click Reset Password.

  8. If the password change was successful, a confirmation dialog box appears. Click OK in the confirmation dialog to dismiss the message.

Deleting User Accounts

Only identity domain administrators can delete user accounts, and only in the identity domains that they have been designated to administer.

Caution:

Do not delete the pre-seeded SFTP accounts. These accounts have special roles which are not available for you to re-assign to other users, so if you delete an SFTP account you cannot restore SFTP access without the assistance of Oracle Support.

Be careful not to delete an account with the Identity Domain Administration role unless there is at least one more account with this role. If you delete the only Identity Domain Administrator, you will be unable to manage user accounts in your domain, including assigning the role to another user.

To delete a user account:

  1. Log in to Oracle Identity Console using the identity domain that you want to work in.

  2. On the left navigation pane, click Manage Users.

  3. On the Manage Users page, click Search with the search field blank to display all users in the identity domain. Alternatively, enter all or part of a user's first name, last name, user ID, or email address in the field, and then click Search.

  4. Select the row that contains the user whose account you want to delete.

    Note:

    Select the row that contains the user; do not click the last name.
  5. Click Delete User on the toolbar.

  6. Click OK when prompted in the confirmation dialog to remove the selected user account. Otherwise click Cancel.

Creating and Deleting Roles

Only identity domain administrators can create and delete roles, and only in the identity domains that they have been assigned to administer.

Note:

To see what roles have been pre-seeded or already added in an identity domain, log in to Oracle Identity Console, navigate to the Manage Roles page, and click Search, leaving the search field blank. For login instructions, see "Logging In to Oracle Identity Console".

Roles are used by application developers to secure applications. For example with Java EE applications deployed to Oracle Java Cloud Services, the application roles specified in application deployment descriptors are mapped to the enterprise roles created in the identity management system. The mapping is based on matching fully qualified role names. For information about securing applications for a Java service, see Using Oracle Java Cloud Service.

To create a role:

  1. Log in to Oracle Identity Console using the identity domain in which you want to add roles.

  2. On the left navigation pane, click Manage Roles.

  3. On the Manage Roles page, click Create on the toolbar.

    Figure 3-4 Toolbar Icons on the Manage Roles Page

    Description of Figure 3-4 follows
    Description of "Figure 3-4 Toolbar Icons on the Manage Roles Page"

  4. Enter a name and descriptive text for the new role.

  5. Click Create Role.

  6. Click OK when prompted in the Confirmation dialog.

Figure 3-5 Selecting a Role Row on the Manage Roles Page

Description of Figure 3-5 follows
Description of "Figure 3-5 Selecting a Role Row on the Manage Roles Page"

Note:

On the Manage Roles page, click Search to display the role you have just added.

To delete a role:

  1. Log in to Oracle Identity Console using the identity domain that you want to work in.

  2. On the left navigation pane, click Manage Roles.

  3. On the Manage Roles page, click Search with the search field blank to display all roles in the identity domain. Alternatively, enter all or part of a role name or description in the field and click Search.

  4. Select the row that contains the role you want to remove, then click Delete on the toolbar.

    Notes:

    • Select the row that contains the role; do not click the display name or role name in the table.

    • You cannot delete pre-seeded system roles. If you select one of these roles, the Delete button is greyed out.

  5. Click OK in the Confirmation dialog to delete the selected role. Otherwise click Cancel.

Note:

The system returns an error when there are existing members in the role or if there is a problem removing the role. Click OK when prompted in an Error dialog.

Granting and Revoking Roles

After identity domain administrators have added users for Oracle Cloud services by creating their individual user profiles in the Identity Console, the appropriate pre-seeded service roles must be explicitly granted to the individual users according to the service type they are allowed to access. For information about the pre-seeded roles to use, see "About Pre-Seeded Roles and Users".

Note:

A user account must have at least one role that grants user or administration privileges for a service in order to log in to the Identity Manager. Until you assign such a role, a new user will get an error message after authenticating if they try to sign in to Identity Manager.

Identity domain administrators can grant and revoke roles to users in the identity domains that they manage only.

Service administrators can grant and revoke roles to users for the services that they manage only. Since service administrators cannot add users or roles, this means the users and roles must already be in the system before service administrators can grant a specific role to a specific user.

Non-administrative users cannot grant or revoke roles.

The steps to grant or revoke a role are essentially the same. You find the role first, then you find and select the users you want to grant the role to or revoke the role from.

To assign or revoke a role:

  1. Log in to Oracle Identity Console using the identity domain that you want to work in.

  2. On the left navigation pane, click Manage Roles.

  3. On the Manage Roles page, click Search with the search field blank to display all roles in the identity domain. Alternatively, enter all or part of a role name or description in the field and click Search.

    Figure 3-6 Manage Roles Page Showing All Roles

    Description of Figure 3-6 follows
    Description of "Figure 3-6 Manage Roles Page Showing All Roles"

  4. Select the row that contains the role you want to grant or revoke, then click Assign or Revoke on the toolbar.

    Note:

    Select the row that contains the role; do not click the display name or role name in the table.

    Figure 3-7 Selecting a Role Row in the Roles Table

    Description of Figure 3-7 follows
    Description of "Figure 3-7 Selecting a Role Row in the Roles Table"

    Figure 3-8 Assign and Revoke Toolbar Icons

    Description of Figure 3-8 follows
    Description of "Figure 3-8 Assign and Revoke Toolbar Icons"

    The appropriate pre-seeded service role must be explicitly granted to individual users according to the service type and service instance they are allowed to access. Suppose you are granting a role to developers of the Database service mydbservice1, then you would select, for example, mydbservice1 Database Developer. For more information about pre-seeded roles, see Table 3-2, "Administrative Users and Their Pre-Seeded Roles and Privileges" and Table 3-3, "Non-Administrative Users and Their Pre-Seeded Roles and Privileges".

    Note:

    The Database Administrator role must be explicitly granted to any database developer who needs to use My Services in Oracle Cloud to monitor and manage Database cloud service usage.
  5. In the Grant or Revoke Role Membership dialog, click Search leaving the search bar blank to display all users. Alternatively, enter all or part of a user's first name, last name, or email in the field and click Search.

    Note:

    When granting roles, user accounts that already possess the role you selected do not show up in the Search results field.

    Figure 3-9 Grant Role Membership Dialog

    Description of Figure 3-9 follows
    Description of "Figure 3-9 Grant Role Membership Dialog"

  6. Select the row that contains the user you want to perform the action on. You can only select one user row.

  7. Click Assign or Revoke.

  8. Click OK when prompted in the Confirmation dialog.

Displaying Roles Assigned to Yourself and Others

All users can view the roles they have been assigned when they log in to Oracle Identity Console.

In addition to viewing their own roles, service administrators and identity domain administrators can display:

However the identity domain administrators' view in the Identity Console is limited to users in the identity domains that they have been designated to manage, and the service administrators' view is limited to users of the services that they been assigned to manage.

To display all roles assigned to a user:

  1. Log in to Oracle Identity Console using the identity domain that you want to work in.

  2. On the left navigation pane, click Manage Users.

  3. On the Manage Users page, click Search with the search field blank to display all users in the identity domain. Alternatively, enter all or part of a user first name, last name, or email in the field and click Search.

  4. Select a user by clicking the last name link.

    Figure 3-10 Selecting a Last Name in the Manage Users Page

    Description of Figure 3-10 follows
    Description of "Figure 3-10 Selecting a Last Name in the Manage Users Page"

    The User Details dialog appears, showing all the roles that have been granted to the selected user in the User Membership Roles section.

    Figure 3-11 User Membership Roles Section

    Description of Figure 3-11 follows
    Description of "Figure 3-11 User Membership Roles Section"

Changing Passwords and Password Challenge Questions

When you log in to Oracle Identity Console for the first time, the system prompts you to do the following:

For information about changing your password and setting password challenge questions the first time you log in, see "Logging In to Oracle Identity Console".

Changing Your Own Password

You are allowed to change your own password only. Only administrators are allowed to reset the passwords of other users.

To change your own password:

  1. Log in to Oracle Identity Console using the appropriate identity domain.

  2. On the left navigation pane, click My Profile.

  3. On the right pane, expand Change Password.

    Figure 3-12 Change Password Section

    Description of Figure 3-12 follows
    Description of "Figure 3-12 Change Password Section"

  4. Enter your old password in the Old password field.

  5. Enter a new password in the New password field.

    For password guidelines, see the Password Policy box on the right.

  6. Reenter your new password in the Confirm new password field.

  7. When done, click Apply.

Changing Your Password Challenge Questions

You must set and answer three password challenge questions. When you first log in you will be automatically prompted to set these questions. You can subsequently log in to the Oracle Identity Console to change your challenge questions at any time.

To set password challenge questions:

  1. Log in to Oracle Identity Console using the appropriate identity domain.

  2. On the left navigation pane, click My Information.

  3. On the right pane, expand Challenge Questions.

    Figure 3-13 Challenge Questions Section

    Description of Figure 3-13 follows
    Description of "Figure 3-13 Challenge Questions Section"

  4. Select a question from the drop down list, then enter your answer in the field next to it.

  5. Repeat the procedure for the second and third question.

  6. When done, click Apply.

Resetting Another User's Password

Only identity domain administrators can reset the passwords of other users, and only the passwords of users in their designated identity domains.

Users who have their passwords reset can change their temporary passwords the next time they log in.

To reset another user's password, see "To reset another user's password:".

What to Do When You Forget Your Password

If you forget your own password, you can reset the password yourself provided you:

  • Remember your identity domain and user ID

  • Answer correctly the three password challenge questions you registered in the identity management system.

To reset your own password:

  1. In your web browser, go to Oracle Identity Console.

  2. On the Sign In page, click Forgot Password.

  3. On the User Login page, enter your identity domain and user ID (for example, oracleusa1trial and user@somecompany.com). Then click Next.

    Figure 3-14 Password Management

    Description of Figure 3-14 follows
    Description of "Figure 3-14 Password Management"

  4. On the Challenge Questions page, enter your answer for each of the three password challenge questions. Then click Next.

  5. On the Reset Password page, enter a new password in the first field. Reenter the new password in the second field, then click Save.

    Password guidelines are provided in the box on the right.

  6. When prompted, click OK in the Message dialog.

    The system automatically logs you in after you close the dialog.

Where to Get Help

If you have any difficulty managing users, navigate to the Oracle Cloud home page:

http://cloud.oracle.com

Click the Chat Now or Contact Us links for assistance.

Getting help with your paid service subscription

If you have any difficulty with your paid Oracle Cloud service subscription, you can contact Oracle Support. Click Contact Us and then click Oracle Support, or navigate to:

http://support.oracle.com

You can also use the Chat Now live chat link to get immediate assistance from an Oracle representative, or use Contact Us for a telephone support number, link to Oracle Cloud forums, and a link to Oracle Support.

Getting help with your trial service

If you have any difficulty during your service trial, try the Chat Now live chat link to get immediate assistance from an Oracle support representative.

You can also click Contact Us for a link to the Oracle Cloud forums, where you can post a message or start a new thread in the Oracle Cloud Forum. Oracle product managers, development, support, and operations team members respond to threads on the forum.