Namespace Oci.IdentityService.Models
Classes
AddLockDetails
Request payload to add a lock to the resource.
AddUserToGroupDetails
AllowedDomainLicenseTypeSummary
(For tenancies that support identity domains) The 'AllowedDomainLicenseTypeSummary' object contains information about the license type of the identity domain.
ApiKey
A PEM-format RSA credential for securing requests to the Oracle Cloud Infrastructure REST API. Also known
as an API signing key. Specifically, this is the public key from the key pair. The private key remains with
the user calling the API. For information about generating a key pair
in the required PEM format, see Required Keys and OCIDs.
Important: This is not the SSH key for accessing compute instances.
Each user can have a maximum of three API signing keys.
For more information about user credentials, see User Credentials.
AuthenticationPolicy
Authentication policy, currently set for the given compartment.
AuthToken
An AuthToken is an Oracle-generated token string that you can use to authenticate with third-party APIs
that do not support Oracle Cloud Infrastructure's signature-based authentication. For example, use an AuthToken
to authenticate with a Swift client with the Object Storage Service.
The auth token is associated with the user's Console login. Auth tokens never expire. A user can have up to two
auth tokens at a time.
Note: The token is always an Oracle-generated string; you can't change it to a string of your choice.
For more information, see Managing User Credentials.
AvailabilityDomain
One or more isolated, fault-tolerant Oracle data centers that host cloud resources such as instances, volumes, and subnets. A region contains several Availability Domains. For more information, see Regions and Availability Domains.
BaseTagDefinitionValidator
Validates a definedTag value. Each validator performs validation steps in addition to the standard
validation for definedTag values. For more information, see
Limits on Tags.
If you define a validator after a value has been set for a defined tag, then any updates that
attempt to change the value must pass the additional validation defined by the current rule.
Previously set values (even those that would fail the current validation) are not updated. You can
still update other attributes to resources that contain a non-valid defined tag.
To clear the validator, call UpdateTag with DefaultTagDefinitionValidator.
BaseTagDefinitionValidatorModelConverter
BulkActionResource
The bulk action resource entity.
BulkActionResourceType
BulkActionResourceTypeCollection
Collection of resource-types supported by a compartment bulk action.
BulkDeleteResourcesDetails
BulkDeleteTagsDetails
Properties for deleting tags in bulk.
BulkEditOperationDetails
BulkEditResource
BulkEditTagsDetails
BulkEditTagsResourceType
BulkEditTagsResourceTypeCollection
The list of resource types that support bulk editing of tags.
BulkMoveResourcesDetails
ChangeDomainCompartmentDetails
ChangeDomainLicenseTypeDetails
(For tenancies that support identity domains) Details for updating the license type of the identity domain.
ChangeTagNamespaceCompartmentDetail
Details of the compartment the resource is being moved to.
ChangeTasDomainLicenseTypeDetails
(For tenancies that support identity domains) Update the identity domain license type.
Compartment
A collection of related resources. Compartments are a fundamental component of Oracle Cloud Infrastructure
for organizing and isolating your cloud resources. You use them to clearly separate resources for the purposes
of measuring usage and billing, access (through the use of IAM Service policies), and isolation (separating the
resources for one project or business unit from another). A common approach is to create a compartment for each
major part of your organization. For more information, see
Overview of IAM and also
Setting Up Your Tenancy.
To place a resource in a compartment, simply specify the compartment ID in the "Create" request object when
initially creating the resource. For example, to launch an instance into a particular compartment, specify
that compartment's OCID in the LaunchInstance request. You can't move an existing resource from one
compartment to another.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values
using the API.
CreateApiKeyDetails
CreateAuthTokenDetails
CreateCompartmentDetails
CreateCustomerSecretKeyDetails
CreateDbCredentialDetails
CreateDomainDetails
(For tenancies that support identity domains) Details for creating an identity domain.
CreateDynamicGroupDetails
Properties for creating a dynamic group.
CreateGroupDetails
CreateIdentityProviderDetails
CreateIdentityProviderDetailsModelConverter
CreateIdpGroupMappingDetails
CreateNetworkSourceDetails
Properties for creating a network source object.
CreateOAuth2ClientCredentialDetails
CreatePolicyDetails
CreateRegionSubscriptionDetails
CreateSaml2IdentityProviderDetails
CreateSmtpCredentialDetails
CreateSwiftPasswordDetails
CreateTagDefaultDetails
CreateTagDetails
CreateTagNamespaceDetails
CreateUserDetails
CustomerSecretKey
A CustomerSecretKey is an Oracle-provided key for using the Object Storage Service's
Amazon S3 compatible API. The key consists of a secret key/access key pair.
A user can have up to two secret keys at a time.
Note: The secret key is always an Oracle-generated string; you can't change it to a string of your choice.
For more information, see Managing User Credentials.
CustomerSecretKeySummary
As the name suggests, a CustomerSecretKeySummary object contains information about a CustomerSecretKey.
A CustomerSecretKey is an Oracle-provided key for using the Object Storage Service's Amazon S3 compatible API.
DbCredential
Database credentials are needed for onboarding a cloud database to identity. The DB credentials are used for DB authentication with the service.
DbCredentialSummary
As the name suggests, a DbCredentialSummary object contains information about a DbCredential.
The DB credential is used for DB authentication with the [DB Service].
DefaultTagDefinitionValidator
Use this validator to clear any existing validator on the tag key definition with the UpdateTag
operation. Using this validatorType is the same as not setting any value on the validator field.
The resultant value for validatorType returned in the response body is null.
Domain
(For tenancies that support identity domains) Properties for an identity domain. An identity domain is used to manage users and groups, integration standards, external identities, and secure application integration through Oracle Single Sign-on (SSO) configuration.
DomainReplication
(For tenancies that support identity domains) Identity domain replication states.
DomainReplicationStates
(For tenancies that support identity domains) The identity domain replication log for all identity domains for a given region.
DomainSummary
(For tenancies that support identity domains) As the name suggests, a DomainSummary object contains information about a Domain.
DynamicGroup
A dynamic group defines a matching rule. Every bare metal or virtual machine instance is deployed with an instance certificate.
The certificate contains metadata about the instance. This includes the instance OCID and the compartment OCID, along
with a few other optional properties. When an API call is made using this instance certificate as the authenticator,
the certificate can be matched to one or multiple dynamic groups. The instance can then get access to the API
based on the permissions granted in policies written for the dynamic groups.
This works like regular user/group membership. But in that case, the membership is a static relationship, whereas
in a dynamic group, the membership of an instance certificate to a dynamic group is determined during runtime.
For more information, see Managing Dynamic Groups.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using
the API.
EnableReplicationToRegionDetails
(For tenancies that support identity domains) Identity domain replication request packet.
EnumTagDefinitionValidator
Used to validate the value set for a defined tag and contains the list of allowable values.
You must specify at least one valid value in the values array. You can't have blank
or empty strings (""). Duplicate values are not allowed.
FaultDomain
A Fault Domain is a logical grouping of hardware and infrastructure within an Availability Domain that can become unavailable in its entirety either due to hardware failure such as Top-of-rack (TOR) switch failure or due to planned software maintenance such as security updates that reboot your instances.
FullyQualifiedScope
Group
A collection of users who all need the same type of access to a particular set of resources or compartment.
For conceptual information about groups and other IAM Service components, see
Overview of IAM.
If you're federating with an identity provider (IdP), you need to create mappings between the groups
defined in the IdP and groups you define in the IAM service. For more information, see
Identity Providers and Federation. Also see IdentityProvider and IdpGroupMapping.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values
using the API.
IamWorkRequest
(For tenancies that support identity domains) An IAM work request object that allows users to track the status of asynchronous API requests.
IamWorkRequestErrorSummary
(For tenancies that support identity domains) An error encountered while executing an operation that is tracked by an IAM work request.
IamWorkRequestLogSummary
(For tenancies that support identity domains) The log entity for an IAM work request.
IamWorkRequestResource
(For tenancies that support identity domains) An IAM work request resource entry.
IamWorkRequestSummary
(For tenancies that support identity domains) The IAM work request summary. Tracks the status of asynchronous operations.
IdentityProvider
The resulting base object when you add an identity provider to your tenancy. A Saml2IdentityProvider
is a specific type of IdentityProvider that supports the SAML 2.0 protocol. Each IdentityProvider
object has its own OCID. For more information, see Identity Providers and Federation.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
Warning: Oracle recommends that you avoid using any confidential information when you supply string
values using the API.
IdentityProviderGroupSummary
A group created in an identity provider that can be mapped to a group in OCI.
IdentityProviderModelConverter
IdpGroupMapping
A mapping between a single group defined by the identity provider (IdP) you're federating with
and a single IAM Service Group in Oracle Cloud Infrastructure.
For more information about group mappings and what they're for, see
Identity Providers and Federation.
A given IdP group can be mapped to zero, one, or multiple IAM Service groups, and vice versa.
But each IdPGroupMapping object is between only a single IdP group and IAM Service group.
Each IdPGroupMapping object has its own OCID.
Note: Any users who are in more than 50 IdP groups cannot be authenticated to use the Oracle
Cloud Infrastructure Console.
ImportStandardTagsDetails
MfaTotpDevice
Users can enable multi-factor authentication (MFA) for their own user accounts. After MFA is enabled, the
user is prompted for a time-based one-time password (TOTP) to authenticate before they can sign in to the
Console. To enable multi-factor authentication, the user must register a mobile device with a TOTP authenticator app
installed. The registration process creates the MfaTotpDevice object. The registration process requires
interaction with the Console and cannot be completed programmatically. For more information, see
Managing Multi-Factor Authentication.
MfaTotpDeviceSummary
As the name suggests, a MfaTotpDeviceSummary object contains information about a MfaTotpDevice.
MfaTotpToken
TOTP token for MFA.
MoveCompartmentDetails
NetworkPolicy
Network policy, which consists of a list of network source IDs.
NetworkSources
A network source specifies a list of source IP addresses that are allowed to make authorization requests. Use the network source in policy statements to restrict access to only requests that come from the specified IPs. For more information, see Managing Network Sources.
NetworkSources_virtualSourceList
NetworkSourcesSummary
A network source specifies a list of source IP addresses that are allowed to make authorization requests. Use the network source in policy statements to restrict access to only requests that come from the specified IPs. For more information, see Managing Network Sources.
OAuth2ClientCredential
A user can define OAuth clients in IAM, then use them to generate a token to grant access to app resources.
OAuth2ClientCredentialSummary
A user can define OAuth clients in IAM, then use them to generate a token to grant access to app resources.
PasswordPolicy
Password policy, currently set for the given compartment.
Policy
A document that specifies the type of access a group has to the resources in a compartment. For information about
policies and other IAM Service components, see
Overview of IAM. If you're new to policies, see
Get Started with Policies.
The word "policy" is used by people in different ways:
- An individual statement written in the policy language
- A collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it)
- The overall body of policies your organization uses to control access to resources
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized, talk to an administrator.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.
Region
A localized geographic area, such as Phoenix, AZ. Oracle Cloud Infrastructure is hosted in regions and Availability
Domains. A region is composed of several Availability Domains. An Availability Domain is one or more data centers
located within a region. For more information, see Regions and Availability Domains.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
RegionSubscription
An object that represents your tenancy's access to a particular region (i.e., a subscription), the status of that
access, and whether that region is the home region. For more information, see Managing Regions.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
RemoveLockDetails
Request payload to remove a lock from the resource.
ReplicatedRegionDetails
(For tenancies that support identity domains) Properties for a region where a replica for the identity domain exists.
ResourceLock
Resource locks are used to prevent certain APIs from being called for the resource. A full lock prevents both updating the resource and deleting the resource. A delete lock prevents deleting the resource.
Saml2IdentityProvider
A special type of IdentityProvider that supports the SAML 2.0 protocol. For more information, see Identity Providers and Federation.
ScimClientCredentials
The OAuth2 client credentials.
SmtpCredential
Simple Mail Transfer Protocol (SMTP) credentials are needed to send email through Email Delivery.
The SMTP credentials are used for SMTP authentication with the service. The credentials never expire.
A user can have up to 2 SMTP credentials at a time.
Note: The credential set is always an Oracle-generated SMTP user name and password pair;
you cannot designate the SMTP user name or the SMTP password.
For more information, see Managing User Credentials.
SmtpCredentialSummary
As the name suggests, an SmtpCredentialSummary object contains information about an SmtpCredential.
The SMTP credential is used for SMTP authentication with the Email Delivery Service.
StandardTagDefinitionTemplate
The template of the tag definition. This object includes necessary details to create the provided standard tag definition.
StandardTagNamespaceTemplate
The template of the standard tag namespace. This object includes necessary details to create the provided standard tag namespace.
StandardTagNamespaceTemplateSummary
The template of the standard tag namespace. This object includes necessary details to create the provided standard tag namespace.
SwiftPassword
Deprecated. Use AuthToken instead.
Swift is the OpenStack object storage service. A SwiftPassword is an Oracle-provided password for using a
Swift client with the Object Storage Service. This password is associated with
the user's Console login. Swift passwords never expire. A user can have up to two Swift passwords at a time.
Note: The password is always an Oracle-generated string; you can't change it to a string of your choice.
For more information, see Managing User Credentials.
Tag
A tag definition that belongs to a specific tag namespace. "Defined tags" must be set up in your tenancy before
you can apply them to resources.
For more information, see Managing Tags and Tag Namespaces.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values
using the API.
TagDefault
Tag defaults let you specify a default tag (tagnamespace.tag="value") to apply to all resource types
in a specified compartment. The tag default is applied at the time the resource is created. Resources
that exist in the compartment before you create the tag default are not tagged. The TagDefault object
specifies the tag and compartment details.
Tag defaults are inherited by child compartments. This means that if you set a tag default on the root compartment
for a tenancy, all resources that are created in the tenancy are tagged. For more information about
using tag defaults, see Managing Tag Defaults.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator.
TagDefaultSummary
Summary information for the specified tag default.
TaggingWorkRequest
The asynchronous API request does not take effect immediately. This request spawns an asynchronous workflow to fulfill the request. WorkRequest objects provide visibility for in-progress workflows.
TaggingWorkRequestErrorSummary
The error entity.
TaggingWorkRequestLogSummary
The log entity.
TaggingWorkRequestSummary
The work request summary. Tracks the status of the asynchronous operation.
TagNamespace
A managed container for defined tags. A tag namespace is unique in a tenancy. For more information,
see Managing Tags and Tag Namespaces.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values
using the API.
TagNamespaceSummary
A container for defined tags.
TagSummary
A tag definition that belongs to a specific tag namespace.
Tenancy
The root compartment that contains all of your organization's compartments and other
Oracle Cloud Infrastructure cloud resources. When you sign up for Oracle Cloud Infrastructure,
Oracle creates a tenancy for your company, which is a secure and isolated partition
where you can create, organize, and administer your cloud resources.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
UIPassword
A text password that enables a user to sign in to the Console, the user interface for interacting with Oracle
Cloud Infrastructure.
For more information about user credentials, see User Credentials.
UIPasswordInformation
Information about the UIPassword, which is a text password that enables a user to sign in to the Console,
the user interface for interacting with Oracle Cloud Infrastructure.
For more information about user credentials, see User Credentials.
UpdateAuthenticationPolicyDetails
Update request for the authentication policy. Describes the set of validation rules and their parameters to be updated.
UpdateAuthTokenDetails
UpdateCompartmentDetails
UpdateCustomerSecretKeyDetails
UpdateDomainDetails
(For tenancies that support identity domains) Update identity domain details.
UpdateDynamicGroupDetails
Properties for updating a dynamic group.
UpdateGroupDetails
UpdateIdentityProviderDetails
UpdateIdentityProviderDetailsModelConverter
UpdateIdpGroupMappingDetails
UpdateNetworkSourceDetails
UpdateOAuth2ClientCredentialDetails
UpdatePolicyDetails
UpdateSaml2IdentityProviderDetails
UpdateSmtpCredentialDetails
UpdateStateDetails
UpdateSwiftPasswordDetails
UpdateTagDefaultDetails
UpdateTagDetails
UpdateTagNamespaceDetails
UpdateUserCapabilitiesDetails
UpdateUserDetails
User
An individual employee or system that needs to manage or use your company's Oracle Cloud Infrastructure
resources. Users might need to launch instances, manage remote disks, work with your cloud network, etc. Users
have one or more IAM Service credentials (ApiKey, UIPassword, SwiftPassword and AuthToken).
For more information, see User Credentials. End users of your
application are not typically IAM Service users, but for tenancies that have identity domains, they might be.
For conceptual information about users and other IAM Service components, see Overview of IAM.
These users are created directly within the Oracle Cloud Infrastructure system, via the IAM service.
They are different from federated users, who authenticate themselves to the Oracle Cloud Infrastructure
Console via an identity provider. For more information, see
Identity Providers and Federation.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized,
talk to an administrator. If you're an administrator who needs to write policies to give users access,
see Get Started with Policies.
Warning: Oracle recommends that you avoid using any confidential information when you supply string values
using the API.
UserCapabilities
Properties indicating how the user is allowed to authenticate.
UserGroupMembership
An object that represents the membership of a user in a group. When you add a user to a group, the result is a
UserGroupMembership with its own OCID. To remove a user from a group, you delete the UserGroupMembership object.
WorkRequest
The asynchronous API request does not take effect immediately. This request spawns an asynchronous workflow to fulfill the request. WorkRequest objects provide visibility for in-progress workflows.
WorkRequestError
The error entity.
WorkRequestLogEntry
The log entity.
WorkRequestResource
The resource entity.
WorkRequestSummary
The work request summary. Tracks the status of the asynchronous operation.