Configuring Profile and Security Settings

Change your password, manage your profile information, manage applications to which you have been granted access, unlink your social accounts from your accounts, and access your consents.

Task Description Additional Information
Change your password. You can change your password whenever you need to or when it expires. Changing Your Password
Manage your profile information. You can set up your profile, set your primary email address, configure your account recovery factors, set up and manage your 2–Step Verification methods, and edit your profile information.

Setting Up or Modify Your Profile

Setting Your Email Options

Setting Your Account Recovery Options

Managing 2-Step Verification

Access and organize your applications. You can access and organize the applications to which you have been granted access. Accessing My Apps
Access your consents. You can list and revoke your consents. See Accessing Your Consents.

Using the Console

Changing Your Password

Passwords are valid only for the period specified by the password policy defined by your administrator. When your password expires, you must update your password to access IAM.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Change password.
  2. In the Current password field, enter your current password.
  3. In the New password field, enter a new password.
    Tip

    If you're using your password to sign in, then use the Password Criteria pane to confirm that your new password conforms to the password policy set by your administrator. If your password conforms to the policy, then each criterion displays a green check mark.

    If you're using your Microsoft Active Directory password to sign in to an identity domain, then your password policy criteria is defined and maintained by your Microsoft Active Directory administrator. Contact your administrator for more information about this criteria.

  4. In the Confirm new password field, reenter your new password.
  5. Click Save.
    You receive an email verification that your password was updated correctly.
Recovering Your Account

If you have trouble signing in, you're locked out, or you forget your password, then you can reset your password to recover your account.

There are three factors that you can set to regain access to your account. You can specify an alternate (recovery) email address, provide a mobile number, or select and answer security questions to verify your identity.

  1. In the identity domain login page, click the Click here link.
  2. In the Forgot Your Password? page, enter your username, and then click Next.
  3. Select the Recovery email, Mobile number, or Security questions account recovery method.
    1. If you select Recovery email, then a Password reset notification is sent to the recovery email address associated with your account. Follow the instructions in the notification to reset your password.
    2. If you select Mobile number, then a passcode is sent to the mobile number associated with your account. Enter the passcode, and then click Verify to reset your password.
    3. If you select Security questions, then one of the security questions that you set appears. Provide the answer to this security question, and then click Verify to reset your password.
Important

The factors that are available for you to select are dependent upon the selections you made when you set your account recovery options. For example, if you didn't set your mobile number as an account recovery factor, then you can’t use this factor to recover your account. It doesn't appear in the Forgot Your Password? page.

If Recovery email is the only account recovery method that you set, then you won't be prompted to select a method. Instead, the Password reset notification is sent to the recovery email address associated with your account.

If you haven't set any account recovery options, then the Password reset notification is sent to your primary email address.

Setting Up or Modify Your Profile

If you're signing in to an identity domain for the first time, then set up your profile information. If you already set up your profile, then you can modify this information.

Your profile includes the following types of information:

  • Account information: Your username, email address, full name, instant messaging address, and home and mobile phone numbers.
  • Work information: Your job title, your work address, phone number, and country, and your time zone and language (locale). The time zone and locale determine the time zone and language that displays for your account in an identity domain.
  • Other information: Your user type, employee number, organization name, division, department, and cost center.
  1. Click your user avatar, and then select My Profile. In the My Profile console, click Edit my profile and update any information, as necessary.
    For example, you can change the time zone and language that displays for your account.
  2. (Optional) If you have a multi-valued attribute for your profile, then a Values link appears to the right of the attribute. To populate this attribute with values:
    1. Click the Values link.
    2. In the popup window that appears, click Add.
    3. In the text box that appears, enter a value for the attribute.
    4. Repeat steps b and c to add other values for the attribute.
      Tip

      To remove an existing value from the attribute, click the X button to the right of the value.
    5. Click OK. The counter to the right of the Values link changes to reflect the updated number of values for the attribute.
  3. Click Save.
Setting Your Email Options

You can change the primary email address that was set up for you when your account was created.

The primary email address is the email address to which all your notifications are sent. Your administrator has already set your primary email address.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click More Actions, and then select  Edit email.
  2. Click Change.
  3. In the Change primary email dialog box, enter your password, and then click Verify.
  4. In the New primary email field, enter a new email address.
  5. Click Change primary email.

A verification email is sent to your new email address. To verify your email address, follow the instructions in the email. Also, an update email notification is sent to your old email address.

Note

In addition to your primary email address, you can set an alternate (recovery) email address that you can use to help you recover your account.
Setting Your Account Recovery Options

If you didn’t set your account recovery options the first time you signed in to an identity domain, then you can do so from the Security tab of the My Profile console. This way, if you have trouble signing in, you’re locked out, or you forget your password, then you can regain access to your account.

You can set the following account recovery factors:

  • Recovery email: By default, your primary email address has been set as the email address that IAM uses to help you recover your account. If you have to regain access, then IAM sends a notification to this email address. Follow the instructions in the notification to recover your account. Instead of your primary email address, you can specify an alternate (recovery) email address to regain access.

  • Mobile number: You can provide a mobile number that IAM uses to help you recover your account. This way, if you have to regain access, then IAM sends a one-time passcode in a text message to this mobile number. You enter this passcode to recover your account.

  • Security questions: You can select and answer security questions, and provide hints for answers to these questions, to verify your identity. If you have to recover your account, then you must answer these questions correctly to regain access.

Important

The account recovery factors that are available for you to set are dependent upon the selections your identity domain administrator or security administrator made when they set up account recovery for your identity domain. For example, if your administrator deactivated mobile number as an account recovery factor, then you can’t use this factor to recover your account. It doesn't appear in the Security tab of the My Profile console. See Configure Account Recovery.

Because you want to be able to regain access to your account, you must set at least one account recovery factor.

Setting a Recovery Email Address as an Account Recovery Factor

By default, your primary email address has been set as the email address that IAM uses to help you recover your account. If you have to regain access, then IAM sends a notification to this email address. Follow the instructions in the notification to recover your account. Instead of your primary email address, you can specify an alternate (recovery) email address to regain access.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Recovery email pane, click the Actions menu .
  3. Select Edit.
  4. In the Change recovery email dialog box, enter your password for security purposes, and then click Verify password.
  5. In the New recovery email field, enter a different email address to use to recover your account, and then click Change recovery email.
    IAM sends a verification notification to this email address.
    Tip

    If you didn’t receive the notification, then in the Recovery options page, click Resend email. IAM resends the notification to the email address you provided in step 5.
  6. In your Inbox, open the verification notification, and then click the Email verification link.
  7. In the Email verified page, click the Click here to continue link.
  8. In the Recovery email pane of the Account recovery options section, verify that you see the recovery email address that you provided in step 5.
Setting Your Mobile Number as an Account Recovery Factor

You can provide a mobile number that IAM uses to help you recover your account. This way, if you have to regain access, then IAM sends a one-time passcode in a text message to this mobile number. You enter this passcode to recover your account.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Mobile number pane, click the Actions menu.
  3. Select Configure.
    Note

    If you don’t see Configure, then you have already set your mobile number as an account recovery factor.
  4. In the Mobile number field of the Mobile number dialog box, select a country code for your mobile number, enter the mobile number to use to recover your account, and then click Text me.
    IAM sends a passcode in a text message to this mobile number.
    Note

    Don’t enter any non-numeric characters for your mobile number. For example, if your mobile number is 212-555-1212, then enter 2125551212.
  5. After you receive the passcode, enter the passcode in the text field that appears below the Mobile number field, and then click Verify.
    Note

    If you didn’t receive the passcode, then click Resend. IAM resends the passcode to your mobile number.
Setting Security Questions as an Account Recovery Factor

You can select and answer security questions, and provide hints for answers to these questions, to verify your identity. If you have to recover your account, then you must answer these questions correctly to regain access.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Security questions pane, click Configure.
    Note

    If you don’t see Configure in this pane, then you have already set security questions as an account recovery factor.
  3. In the Security questions dialog box, select your security questions, provide answers and optional answer hints, and then click Save.
    Tip

    After you provide an answer to a security question, click Reveal Reveal button. Your answer appears in clear text, and you can verify that you entered it correctly.
Modify Your Recovery Email Address

You can change the email address that IAM uses to help you recover your account if you have to regain access.

To modify your recovery email address, follow the instructions in Set a Recovery Email Address as an Account Recovery Factor.

Modifying Your Mobile Number

You can change the mobile number that IAM uses to help you recover your account if you have to regain access.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Mobile number pane, click the Actions menu .
    Note

    If you don’t see the Actions menu in this pane, then you have not set your mobile number as an account recovery factor.
  3. Select Edit.
  4. In the Mobile number field of the Mobile number dialog box, select a different country code for your mobile number or enter the updated mobile number to use to recover your account, and then click Text me.
    IAM sends a passcode in a text message to this mobile number.
    Note

    Don’t enter any non-numeric characters for your mobile number. For example, if your mobile number is 212-555-1212, then enter 2125551212.
  5. After you receive the passcode, enter the passcode in the text field that appears below the Mobile number field, and then click Verify.
    Note

    If you didn’t receive the passcode, then click Resend. IAM resends the passcode to your mobile number.
Modifying Your Security Questions

You can change the security questions, answers, and hints that IAM uses to help you recover your account if you have to regain access.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Security questions pane, click the Actions menu.
    Note

    If you don’t see the Actions menu in this pane, then you have not set security questions as an account recovery factor.
  3. Select Edit.
  4. In the Security questions dialog box, select different security questions, provide other answers and optional answer hints, and then click Save.
    Tip

    After you provide an answer to a security question, click Reveal Reveal button. Your answer appears in clear text, and you can verify that you entered it correctly.
Removing Your Mobile Number as an Account Recovery Factor

If you no longer want to use your mobile number to recover your account if you have to regain access, then you can remove it as an account recovery factor.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Mobile Number pane, click the Actions menu.
    Note

    If you don’t see the Actions menu in this pane, then you have not set your mobile number as an account recovery factor.
  3. Select Remove.
  4. Confirm the removal.
Removing Security Questions as an Account Recovery Factor

If you no longer want to use security questions to recover your account if you have to regain access, then you can remove them as an account recovery factor.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click Security.
  2. In the Security questions pane, click the Actions menu.
    Note

    If you don’t see the Actions menu in this pane, then you have not set your mobile number as an account recovery factor.
  3. Select Remove.
  4. Confirm the removal.
Managing Group and Application Access

After you request group and application access from the Catalog page you can view your access and requests from the My Profile page.

Requesting Group and Application Access

Request access to groups to which you want to be a member and to applications to which you want use. If you do not see the group or application on the Catalog page, the administrator has not allowed the group or application to be requested. To make the group or application accessible, contact your administrator.
  1. Click your user avatar, and then select My Profile. In the My Profile console, click My groups to request access to a group or My applications to request access to an application.
  2. Click Request access to a new group or Request access to a new application.
  3. In the Catalog page, select either Groups or Applications.
  4. Click the plus (+) sign for the group or application to which you want access.
  5. In the Add Access dialog box, enter the reason for the request, and then click OK.
    Two emails are sent to you.
    • The first email verifies your request. To go to the My requests tab and verify that your request has been submitted, click the My requests link in the email.

    • The second email verifies your access. To go to the My access tab and verify that your access has been granted, click the My access link in the email.

Viewing Group and Application Access

Click your user avatar, and then select My Profile. In the My Profile console, click My groups or My applications.
The groups and applications that you have access to are listed.
Viewing Group and Application Access Requests

Viewing your requests for group and application access, in the My Profile console, click My requests. Your group and application access requests are listed.

For each request, the following information is displayed:
  • The name of the group or application.

  • The justification you entered while requesting for the group or application

  • The date and time when you submitted the request

  • The status of each request to denote that you have been granted access to the group or application.

Generating Personal Access Tokens

An access token is an authorization that's used by a client application to access an API or a resource application within a limited period.

The time-bound access tokens inform the resource application that the client is authorized to access the application and perform specific actions specified by the scope that's granted.

You can download access tokens only if an identity domain administrator assigns administrator roles or resource applications to your user account.

To generate personal access tokens:

  1. Click your user avatar, and then select My Profile. In the My Profile console, click My access tokens.
  2. You can download an access token in the following ways:
    • Select Invokes Identity Domains APIs to specify the available administrator roles that are assigned to you. The APIs from the specified administrator roles will be included in the token.
    • Select Invokes other APIs to select confidential applications that are assigned to your account.
      1. Click Select an application to add a configured confidential resource application. On the Select an application window, the list of assigned confidential applications displays.
      2. Click applications to select them, and then click Add. The My access tokens page lists the added applications.
  3. In the Token Expires in mins field, select or enter how long (in minutes) the access token you're generating can be used before it expires. You can choose to keep the default number or specify between 1 and 527,040.
  4. Click Download token. The access token is generated and downloaded to your local machine as a tokens.tok file.
Accessing Your Consents

For some applications, you must agree to the terms of use so that you can access them. Also, application resources might require consent so that client applications can access these resources. You can view and revoke the terms of use and consents of applications you have agreed upon.

The My consents page of the My Profile console lists two types of applications:

  • Applications you have agreed to the terms of use.
  • Applications you have consented access to resources.

The Terms of use consents section in the My consents page of the My Profile console is associated with consents that you agreed to upon accessing applications protected by IAM.

The Application consents section of this page refers to OAuth consents that you allowed applications to access, for resource scopes that require consent.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click My consents.
    The page shows the list of applications that you have agreed to the terms of use, and the list of applications you have allowed consent.
  2. For both the Terms of use consents and Application consents sections, perform the following:
    • Open the terms of use consent: Click one of the application names. The Terms of use page opens and displays the statement of the consent that you agreed upon for the application.
    • Revoke: Select the check box in front of the application name, and then click Revoke.

      Alternatively, you can click the Actions menu option of the application, and then click Revoke.

      In the Confirmation window, click OK to confirm you want to revoke the terms of use consent.

Accessing My Apps

Use the My Apps page to access and organize applications.

Applications that show in the My Apps page are applications to which the administrator has granted you access. Access can be granted to you as an individual user or to a group to which you belong. You are directed to the My Apps page after you activate your account and each time you log in thereafter.
  1. Click your user avatar, and then select My Profile. In the My Profile console, click More Actions, and then select  Applications launcher.
  2. Search for applications by entering a string that begins the application name.
  3. Set your favorites.
  4. Sort applications by Name and Recently granted.
  5. To access an application, click the application tile or the application name to be taken to the home page of the application. Bookmark application homepages so that you can access the applications directly.
Using Form Fill Applications

Store your application credentials using form fill apps so that you have one click access to the websites you use most.

For applications where your administrator enables the Oracle Secure Form Fill plugin, collects your credentials the first time you access the app from the My Apps page, and then seamlessly logs you in on future accesses.

Prerequisite: You must be using a Google Chrome or Mozilla Firefox browser.
Note

Internet Explorer and Edge are not supported.
Installing the Oracle Form-Fill Plugin

Learn when and how to install the plugin that's required to use form fill apps.

When your administrator grants you access to an application that requires the Oracle Form Fill Plugin, you see a prompt to install the plugin the next time you open the My Apps page.

Follow the steps below to install the plugin after you see the prompt in My Apps.

  1. Click your user avatar, and then select My Profile. In the My Profile console, click More Actions, and then select  Applications launcher.
  2. If you see a message at the top of the page that says, "One or more applications granted to you requires the Secure Form Fill Plugin...", proceed with the steps below to install the form fill plugin.

    If you don't see the message:

  3. Click Install Plugin at top right.

    You might need to disable pop-up blocking to proceed.

  4. Follow browser-specific instructions to complete the plugin installation.
    • In Google Chrome, click the Add to Chrome button.
    • In Firefox:

      1. Save the plugin file (stf.xpi) locally.
      2. In the file system, right-click the file and open it with Firefox.
  5. On the My Apps page, refresh the browser window after completing the plugin installation.
  6. Click the icon for an app that requires the form fill plugin.

    In the Enter Credentials dialog box that opens in front of the My Apps page, enter your credentials and click OK to proceed to the application's home page.

    Note

    If instead of the Enter Credentials dialog box you see the application's login page – the app doesn't support the form fill plugin.

You can now access form fill applications from the My Apps page:

  1. The first time you access a form fill application:
    1. Instead of going to the application's login page, an Enter Credentials dialog box opens in front of the My Apps page.
    2. Enter the login credentials for the application in the Enter Credentials dialog box and click Login.

      The Oracle Form Fill Plugin captures your credentials and logs you in to the application.

  2. When you access the same form fill application from My Apps in the future, you are automatically logged in to the application.
    Note

    If you later change your login credentials in the application, you must update your credentials from the application tile on the My Apps page.

Updating Credentials for a Form Fill Application

If you change your login credentials with an application that uses the Oracle Form Fill Plugin, you must update your credentials from the My Apps page.

After the first time you access a form fill application from the My Apps page, the Oracle Form Fill Plugin automatically logs you in to that application in the future. But when you change your login credentials within the application, the automatic login using your old credentials fails, and you must manually enter your credentials in the application's login page.

To restore your automatic login through the form fill plugin:

  1. Click your user avatar, and then select My Profile. In the My Profile console, click More Actions, and then select  Applications launcher.
  2. Locate the form fill application for which your credentials have changed.
  3. Click the gear icon in the bottom-right corner of the application's tile and select Update Credentials.
  4. Enter your current login credentials and click Save.