Managing Domain Settings

Domain settings are applied to this identity domain in the Cloud. You can specify settings such as the time zone, password recovery email, and language.

Required Policy or Role

To change domain settings, you must have one of the following access grants:
  • Be a member of the Administrators group
  • Be granted the Identity Domain Administrator role or the Security Administrator role
  • Be a member of a group granted manage domains

To understand more about policies and roles, see The Administrators Group, Policy, and Administrator Roles, Understanding Administrator Roles, and Understanding Policies.

Using the Console

Changing Domain Settings
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Settings and then Domain settings.
  3. Set the locale. Users can override the default time zone and language settings in the My Profile Details tab in the My Profile console.
    • To specify a default time zone, from the Time zone settings list, select a time zone.
    • To specify a default language, from the Language settings list, select a language.
      Important

      Choose the language of the target audience. Do not choose a country-specific language unless you are targeting a specific country. For example, choose French to display the text to all French users. Choose French (Canada) to display the text to all Canadian French users but not other French speaking users.
  4. Set the Access signing certificate option.
    • Select Configure client access to allow clients to access the tenant signing certificate and the SAML metadata without logging in to the identity domain.
    • Deselect Configure client access to prevent clients from accessing the tenant signing certificate and the SAML metadata until they authenticate by logging in to the identity domain.
  5. Set Contact information. In the Email Addresses field, provide the default contact email addresses.
    These email addresses appear in notifications sent to users. Enter the email addresses that you want users to contact if they need help. To separate multiple email addresses, use a comma.
  6. Configure the Audit option. Select Configure audit retention period as either 30, 60 or 90 days. The tenant purges the audit data for all the users, based on the interval set here.
    As an administrator, when you delete a user, you can manually purge the audit data of that user by entering the user's OCID in Enter the OCID of the deleted user to purge audit data. The entire audit data of that user is permanently deleted from the tenant.
  7. Set User settings. Select Primary email address required if a primary email address must be provided in order to create a user profile.
  8. Click Save changes.
Purging Audit Data for a Deleted User
When you delete a user, the audit data of the user remains in the system. Using the Purge option, you can manually and immediately purge the audit data of that deleted user.
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Settings and then Domain settings.
  3. Under the Audit section, in the Purge audit data for the deleted user text box, enter the OCID of the deleted user and click Purge.
Obtaining the Root CA Certificate
When you set up service providers and identity providers for Federated SSO, you need to download the metadata file and the signing and encryption certificates. These certificates are not self-signed; they are issued by a root certificate. For the federation to be set up and function properly, you need to obtain the root certificate and install it at the federation partner. Follow this procedure to obtain the root certificate.
  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Select the identity domain you want to work in and click Settings and then Domain settings.
  3. Turn on the switch under Access Signing Certificate to enable clients to access the tenant signing certificate without logging in to IAM.
  4. Click Save to save the default settings.
  5. Refer to the REST API documentation for details on installing cURL.
  6. Use this URL https://tenant-base-url/admin/v1/SigningCert/jwk as the endpoint.
  7. Run the following cURL command to retrieve the certificate data:

    curl -k -i -H "Accept: application/scim+json,application/json" --request GET "https://tenant-base-url/admin/v1/SigningCert/jwk"

    After you run the command, the following code is returned:

    [Figure: the result of the cURL command execution]

  8. Open Notepad and paste the key in the following manner:
    -----BEGIN CERTIFICATE-----
    [Paste the highlighted key here]
    -----END CERTIFICATE-----

    For example (abbreviated):

    -----BEGIN CERTIFICATE-----
    MIIDdDCCAlygAwIBAgIGAVw4Ns68MA0GCS......./VaWgoMQ6J9t9CLarai
    -----END CERTIFICATE-----

  9. Save this file as your root certificate file.
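
Steps 7 through 9 can be scripted instead of pasting the key by hand. The following Python is an added example, not part of the original documentation or of the product; it assumes the response body (without the headers that -i prints) is a JWK Set whose keys carry an x5c certificate chain as defined in RFC 7517, and its sample input is constructed.

```python
import base64
import hashlib
import json

# Constructed sample shaped like a JWK Set (RFC 7517) with an x5c chain.
# The x5c values are base64 of placeholder bytes, not real certificates.
SAMPLE_RESPONSE = json.dumps({"keys": [{
    "kty": "RSA",
    "kid": "SIGNING_KEY",  # constructed key id
    "x5c": [
        base64.b64encode(b"constructed-leaf-der" * 5).decode(),
        base64.b64encode(b"constructed-root-der" * 5).decode(),
    ],
}]})


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in certificate PEM armor, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


def extract_chain(jwks_json: str) -> list:
    """Return kid, position, PEM text and SHA-256 fingerprint per x5c entry."""
    chain = []
    for key in json.loads(jwks_json).get("keys", []):
        for index, value in enumerate(key.get("x5c", [])):
            # x5c is standard base64 (not base64url). validate=True rejects
            # quotes or whitespace pasted along with the value.
            der = base64.b64decode(value, validate=True)
            chain.append({
                "kid": key.get("kid"),
                "index": index,
                "pem": der_to_pem(der),
                "sha256": hashlib.sha256(der).hexdigest(),
            })
    return chain


if __name__ == "__main__":
    chain = extract_chain(SAMPLE_RESPONSE)
    for cert in chain:
        print(cert["kid"], cert["index"], cert["sha256"])
    # Per RFC 7517 each x5c entry certifies the one before it, so the last
    # entry is the top of the chain as served.
    print(chain[-1]["pem"], end="")
```

The cURL command in step 7 uses -k, which skips TLS certificate verification, so compare the printed SHA-256 fingerprint with a value obtained over a trusted channel before installing the file at the federation partner.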