Identity domain session settings in IAM include setting the session duration; the URLs for login, logout, errors, and social callback; the authentication flow for accessing an identity domain, such as keeping the user signed in; and CORS settings.
-
Open the navigation menu and click Identity & Security.
Under Identity, click Domains.
-
Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want.
-
On the domain details page, click Settings.
-
On the Settings page, click Session settings.
-
Set session limits.
-
To set the duration for which the user's session is valid, enter a value between 1 and 32,767 in Session duration (in minutes). The user's session times out after the session duration has been reached regardless of actual user activity or inactivity.
-
To set the duration after which a user is automatically signed out of the My Apps console of this identity domain because of inactivity, enter a value between 5 and 480 in My Apps idle timeout (in minutes).
-
Set customer endpoint settings.
-
Enter the sign-in URL where you want the user redirected to sign in.
-
To allow sign-in customization for the Admin Console, select Allow custom sign-in page.
-
To show only the username field on the Sign In page, select Enable username first flow.
-
Choose whether users see a session picker or a domain picker when they sign in.
- The session picker shows the user all active and historical sessions in different domains in the tenancy in the browser. To show the session picker, select Enable Session Picker for OCI console. This option is selected by default.
- The domain picker shows the user all domains available in the tenancy. To show the domain picker, clear Enable Session Picker for OCI console.
-
Enter a Sign-out URL. For example, to redirect the user to the My profile console, enter /ui/v1/myconsole.
-
In the Error URL field, enter the tenant-specific error page URL to which a user is redirected after an error. This URL is used when the application-specific custom error URL isn’t specified for an application.
-
In Social linking callback URL, enter the URL to redirect to after linking a user between social providers and IAM is complete. This URL is used when the application-specific social linking callback URL isn’t specified for an application.
-
Set data sharing settings.
-
Select Allow cross-origin resource sharing (CORS). CORS allows client applications served from one origin to read responses from another. If you select this option, also set Allowed CORS domain names so that only the origins you list are permitted, rather than leaving the allowlist empty.
-
Leave the Show the specific error message for login policy violation option on.
This option is turned on by default and allows the system to display the specific policy-violation error message if the login policy is violated. If the option is turned off, the system displays the standard error message instead.
-
Select Enable Keep me signed in. This option allows users to stay signed in to the identity domain. If you select this option, a Keep me signed in option displays on the sign-in page for users to enable it for their account. Customize Keep me signed in using the following options.
- Keep me signed in duration (days). Enter how many days users can stay signed in before they’re automatically signed out.
- Reauthentication interval (days). Enter the interval at which a user must reauthenticate if the user hasn't signed in using Keep me signed in.
- Maximum keep me signed-in sessions. Enter the maximum number of signed-in sessions that a user can have.
-
Click Save changes.
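The steps above describe the settings and their valid ranges but give no way to review a domain's configuration as a whole before saving it. The following is an added example, not Oracle's code or API: a small linter that takes a snapshot of the session settings as a plain dictionary and checks the limits quoted on this page (session duration 1 to 32,767 minutes, My Apps idle timeout 5 to 480 minutes), flags redirect targets that are neither site-relative paths nor https URLs, and flags CORS turned on with an empty or wildcard allowlist. The dictionary key names, the example.com hostnames and the two sample configurations are all constructed for illustration and would need mapping onto the real Settings page or API fields.

```python
"""Lint a snapshot of identity domain session settings.

Added example, not Oracle's code or API. The dictionary key names below are an
assumption chosen for this illustration; the limits are the ones stated on the
Session settings page.
"""
from urllib.parse import urlparse

SESSION_MIN, SESSION_MAX = 1, 32767      # Session duration (in minutes)
IDLE_MIN, IDLE_MAX = 5, 480              # My Apps idle timeout (in minutes)

URL_FIELDS = ("sign_in_url", "sign_out_url", "error_url",
              "social_linking_callback_url")
KMSI_FIELDS = ("kmsi_duration_days", "kmsi_reauth_interval_days",
               "kmsi_max_sessions")


def is_safe_redirect_target(url):
    """Accept a site-relative path such as /ui/v1/myconsole or an absolute
    https URL. Reject protocol-relative (//host), http:, javascript: etc.,
    which would turn a sign-in/sign-out URL into an open redirect."""
    if url.startswith("/"):
        return not url.startswith("//")
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


def _int_in_range(value, lo, hi):
    # bool is a subclass of int; True/False must not pass as a count
    return isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi


def lint_session_settings(s):
    """Return a list of (severity, message); an empty list means clean."""
    findings = []

    dur = s.get("session_duration_minutes")
    if not _int_in_range(dur, SESSION_MIN, SESSION_MAX):
        findings.append(("error", f"session_duration_minutes must be "
                                  f"{SESSION_MIN}-{SESSION_MAX}, got {dur!r}"))

    idle = s.get("myapps_idle_timeout_minutes")
    if not _int_in_range(idle, IDLE_MIN, IDLE_MAX):
        findings.append(("error", f"myapps_idle_timeout_minutes must be "
                                  f"{IDLE_MIN}-{IDLE_MAX}, got {idle!r}"))
    elif _int_in_range(dur, SESSION_MIN, SESSION_MAX) and idle > dur:
        # The absolute session limit fires regardless of activity, so an idle
        # timeout longer than it can never take effect.
        findings.append(("warn", "idle timeout exceeds session duration"))

    for field in URL_FIELDS:
        url = s.get(field)
        if url and not is_safe_redirect_target(url):
            findings.append(("warn", f"{field} is not a site-relative path "
                                     f"or https URL: {url}"))

    if s.get("cors_enabled"):
        origins = s.get("cors_allowed_domains") or []
        if not origins:
            findings.append(("warn", "CORS enabled with no allowed domain names"))
        for origin in origins:
            if origin.strip() == "*" or origin.startswith("http://"):
                findings.append(("warn", f"over-broad or plaintext CORS origin: {origin}"))

    if s.get("keep_me_signed_in_enabled"):
        for field in KMSI_FIELDS:
            value = s.get(field)
            if not _int_in_range(value, 1, SESSION_MAX):
                findings.append(("error", f"{field} must be a positive integer, "
                                          f"got {value!r}"))
    return findings


# Constructed sample: several mistakes a reviewer should catch.
WEAK_SETTINGS = {
    "session_duration_minutes": 0,                 # below the minimum
    "myapps_idle_timeout_minutes": 600,            # above the maximum
    "sign_in_url": "http://login.example.com/signin",   # plaintext
    "sign_out_url": "//attacker.example/bye",      # protocol-relative
    "cors_enabled": True,
    "cors_allowed_domains": ["*"],                 # wildcard allowlist
    "keep_me_signed_in_enabled": True,
    "kmsi_duration_days": 30,
    "kmsi_reauth_interval_days": 0,                # not a positive interval
    "kmsi_max_sessions": 5,
}

# Constructed sample: the same domain after correction.
HARDENED_SETTINGS = {
    "session_duration_minutes": 480,
    "myapps_idle_timeout_minutes": 30,
    "sign_in_url": "https://login.example.com/signin",
    "sign_out_url": "/ui/v1/myconsole",
    "error_url": "https://login.example.com/error",
    "cors_enabled": True,
    "cors_allowed_domains": ["https://app.example.com"],
    "keep_me_signed_in_enabled": False,
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, lint_session_settings(cfg) or "clean")
```

Running the block prints six findings for the weak configuration (three errors, three warnings) and "clean" for the hardened one. Feed it the values you are about to enter on the Session settings page before you click Save changes; the URL check in particular is cheap insurance against a sign-in or sign-out URL that silently becomes an open redirect.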