1. REST API for Oracle Identity Cloud Service
  2. Tasks
  3. Multi-Factor Authentication (MFA)
  4. Settings

Search Authentication Factor Settings

get

/admin/v1/AuthenticationFactorSettings

Request

Query Parameters
  • A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If "attributes" query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
    Allowed Values: [ "all", "always", "never", "request", "default" ]
  • A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
Header Parameters
  • The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
  • An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
Back to Top

Response

Supported Media Types

200 Response

The request was successful.
Body ()
Root Schema : AuthenticationFactorSettings-ListResponse
Type: object
The SCIM protocol defines a standard set of query parameters that can be used to filter, sort, and paginate to return zero or more resources in a query response. Queries MAY be made against a single resource or a resource type endpoint (e.g., /Users), or the service provider Base URI.
Show Source
  • The number of resources returned in a list response page. REQUIRED when partial results returned due to pagination.
  • Resources
    A multi-valued list of complex objects containing the requested resources. This MAY be a subset of the full set of resources if pagination is requested. REQUIRED if "totalResults" is non-zero.
  • schemas
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The 1-based index of the first result in the current set of list results. REQUIRED when partial results returned due to pagination.
  • The total number of results returned by the list or query operation. The value may be larger than the number of resources returned such as when returning a single page of results where multiple pages are available. REQUIRED.
Nested Schema : Resources
Type: array
A multi-valued list of complex objects containing the requested resources. This MAY be a subset of the full set of resources if pagination is requested. REQUIRED if "totalResults" is non-zero.
Show Source
Nested Schema : schemas
Type: array
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ]
Show Source
Nested Schema : AuthenticationFactorSettings
Type: object
Multi Factor Authentication Settings for Tenant
Show Source
  • Added In: 2011192329

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that email will not be enrolled as a MFA factor automatically if it a account recovery factor
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that Bypass Code is enabled for authentication
  • bypassCodeSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to the bypass code, such as bypass code length, bypass code expiry, max active bypass codes, and so on
  • clientAppSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to compliance, Personal Identification Number (PIN) policy, and so on
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    OCI Compartment Id (ocid) in which the resource lives.
  • compliancePolicy
    SCIM++ Properties:
    • idcsCompositeKey: [name]
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Compliance Policy that defines actions to be taken when a condition is violated
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    OCI Domain Id (ocid) in which the resource lives.
  • Added In: 18.1.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the EMAIL channel is enabled for authentication
  • emailSettings
    Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to Email Factor, such as enabled email magic link factor, custom url for Email Link
  • endpointRestrictions
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings that describe the set of restrictions that the system should apply to devices and trusted endpoints of a user
  • Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Fido Authenticator channels are enabled for authentication
  • Added In: 19.3.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that 'Show backup factor(s)' button will be hidden during authentication
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: always
    • type: string
    • uniqueness: global
    Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
  • idcsCreatedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: complex
    The User or App who created the Resource
  • idcsLastModifiedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: complex
    The User or App who modified the Resource
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    The release number when the resource was upgraded.
  • idcsPreventedOperations
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
  • identityStoreSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to the use of a user's profile details from the identity store
  • meta
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
    • type: complex
    A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
  • Deprecated Since: 18.1.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Specifies the category of people for whom Multi-Factor Authentication is enabled. This is a readOnly attribute which reflects the value of mfaEnabledCategory attribute in SsoSettings
  • Deprecated Since: 18.1.2

    SCIM++ Properties:
    • idcsCanonicalValueSourceFilter: attrName eq "mfaEnrollmentType" and attrValues.value eq "$(mfaEnrollmentType)"
    • idcsCanonicalValueSourceResourceType: AllowedValue
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Specifies if Multi-Factor Authentication enrollment is mandatory or optional for a user
  • notificationSettings
    Added In: 17.4.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to the Mobile App Notification channel, such as pull
  • Maximum Length: 255
    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: immutable
    • required: false
    • returned: default
    • type: string
    • uniqueness: global
    Unique OCI identifier for the SCIM Resource.
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the phone (PHONE_CALL) channel is enabled for authentication
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Mobile App Push Notification channel is enabled for authentication
  • schemas
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that Security Questions are enabled for authentication
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Short Message Service (SMS) channel is enabled for authentication
  • tags
    SCIM++ Properties:
    • idcsCompositeKey: [key, value]
    • idcsSearchable: true
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    A list of tags on this resource.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    OCI Tenant Id (ocid) in which the resource lives.
  • thirdPartyFactor
    Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to third-party factor
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Mobile App One Time Passcode channel is enabled for authentication
  • totpSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to Time-Based One-Time Passcodes (TOTP), such as hashing algo, totp time step, passcode length, and so on
  • urn:ietf:params:scim:schemas:oracle:idcs:extension:fido:AuthenticationFactorSettings
    This extension defines attributes used to manage Multi-Factor Authentication settings of fido authentication
  • urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings
    This extension defines attributes used to manage Multi-Factor Authentication settings of third party provider
  • userEnrollmentDisabledFactors
    Added In: 2012271618

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Factors for which enrollment should be blocked for End User
  • Added In: 2109090424

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Yubico OTP is enabled for authentication
Nested Schema : bypassCodeSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to the bypass code, such as bypass code length, bypass code expiry, max active bypass codes, and so on
Show Source
  • SCIM++ Properties:
    • idcsMaxValue: 9999999
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Expiry (in minutes) of any bypass code that is generated by the help desk
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that help desk bypass code generation is enabled
  • SCIM++ Properties:
    • idcsMaxValue: 999
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of times that any bypass code that is generated by the help desk can be used
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 8
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the bypass code to be generated
  • SCIM++ Properties:
    • idcsMaxValue: 6
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of bypass codes that can be issued to any user
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that self-service bypass code generation is enabled
Nested Schema : clientAppSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to compliance, Personal Identification Number (PIN) policy, and so on
Show Source
  • SCIM++ Properties:
    • idcsCanonicalValueSourceFilter: attrName eq "deviceProtectionPolicy" and attrValues.value eq "$(deviceProtectionPolicy)"
    • idcsCanonicalValueSourceResourceType: AllowedValue
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Indicates what protection policy that the system applies on a device. By default, the value is NONE, which indicates that the system applies no protection policy. A value of APP_PIN indicates that the system requires a Personal Identification Number (PIN). A value of DEVICE_BIOMETRIC_OR_APP_PIN indicates that either a PIN or a biometric authentication factor is required.
  • SCIM++ Properties:
    • idcsMaxValue: 86400
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time in seconds that the system will lock a user out of the service after that user exceeds the maximum number of login failures
  • SCIM++ Properties:
    • idcsMaxValue: 4000
    • idcsMinValue: 32
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The size of the key that the system uses to generate the public-private key pair
  • SCIM++ Properties:
    • idcsCanonicalValueSourceFilter: attrName eq "lockoutEscalationPattern" and attrValues.value eq "$(lockoutEscalationPattern)"
    • idcsCanonicalValueSourceResourceType: AllowedValue
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The pattern of escalation that the system follows, in locking a particular user out of the service.
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 5
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of times that a particular user can fail to login before the system locks that user out of the service
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 0
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of login failures that the system will allow before raising a warning and sending an alert via email
  • SCIM++ Properties:
    • idcsMaxValue: 86400
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum period of time that the system will lock a particular user out of the service regardless of what the configured pattern of escalation would otherwise dictate
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 6
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Minimum length of the Personal Identification Number (PIN)
  • SCIM++ Properties:
    • idcsMaxValue: 999
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time in days after which a client should refresh its policy by re-reading that policy from the server
  • Allowed Values: [ "SHA256withRSA", "SHA384withRSA", "SHA512withRSA" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Indicates which algorithm the system will use to sign requests
  • Allowed Values: [ "Base32", "Base64" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Indicates the type of encoding that the system should use to generate a shared secret
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the system should require the user to unlock the client app for each request. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
  • SCIM++ Properties:
    • idcsMaxValue: 9999999
    • idcsMinValue: 0
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Specifies the period of time in seconds after which the client App should require the user to unlock the App. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor. A value of zero means that it is disabled.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the system should require the user to unlock the client App, when the client App comes to the foreground in the display of the device. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the system should require the user to unlock the client App whenever the App is started. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
Nested Schema : compliancePolicy
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [name]
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Compliance Policy that defines actions to be taken when a condition is violated
Show Source
Nested Schema : emailSettings
Type: object
Added In: 20.1.3

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to Email Factor, such as enabled email magic link factor, custom url for Email Link
Show Source
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Custom redirect Url which will be used in email link
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    Specifies whether Email link is enabled or not.
Nested Schema : endpointRestrictions
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings that describe the set of restrictions that the system should apply to devices and trusted endpoints of a user
Show Source
  • SCIM++ Properties:
    • idcsMaxValue: 180
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Maximum number of days until an endpoint can be trusted
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Maximum number of enrolled devices per user
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 5
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    An integer that represents the maximum number of failed MFA logins before an account is locked
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Max number of trusted endpoints per user
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    Specify if trusted endpoints are enabled
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • returned: default
    • type: string
    • uniqueness: none
    The OCID of the SCIM resource that represents the User or App who created this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who created this Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • returned: default
    • type: string
    • uniqueness: none
    The OCID of the SCIM resource that represents the User or App who modified this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who modified this Resource
Nested Schema : idcsPreventedOperations
Type: array
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readOnly
  • required: false
  • returned: request
  • type: string
  • uniqueness: none
Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
Allowed Values: [ "replace", "update", "delete" ]
Show Source
Nested Schema : identityStoreSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to the use of a user's profile details from the identity store
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that Multi-Factor Authentication should use the mobile number in the identity store
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the user can update the mobile number in the user's Multi-Factor Authentication profile
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
Show Source
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The DateTime the Resource was added to the Service Provider
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Name of the resource type of the resource--for example, Users or Groups
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
Nested Schema : notificationSettings
Type: object
Added In: 17.4.2

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to the Mobile App Notification channel, such as pull
Show Source
  • Added In: 17.4.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Mobile App Pull Notification channel is enabled for authentication
Nested Schema : schemas
Type: array
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: true
  • returned: default
  • type: string
  • uniqueness: none
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
Show Source
Nested Schema : tags
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
A list of tags on this resource.
Show Source
Nested Schema : thirdPartyFactor
Type: object
Added In: 19.2.1

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to third-party factor
Show Source
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    To enable Duo Security factor
Nested Schema : totpSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to Time-Based One-Time Passcodes (TOTP), such as hashing algo, totp time step, passcode length, and so on
Show Source
  • Added In: 18.1.2

    SCIM++ Properties:
    • idcsMaxValue: 60
    • idcsMinValue: 2
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time (in minutes) that a one-time passcode remains valid that the system sends by email.
  • Added In: 18.1.2

    SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 4
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the email one-time passcode.
  • Allowed Values: [ "SHA1", "SHA256", "SHA384", "SHA512", "MD5" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The hashing algorithm to be used to calculate a One-Time Passcode. By default, the system uses SHA1.
  • SCIM++ Properties:
    • idcsMaxValue: 99999
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time (in seconds) that a JSON Web Token (JWT) is valid
  • SCIM++ Properties:
    • idcsMaxValue: 999
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The duration of time (in days) after which the shared secret has to be refreshed
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 4
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the One-Time Passcode that the system should generate
  • SCIM++ Properties:
    • idcsMaxValue: 60
    • idcsMinValue: 2
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time (in minutes) for which a One-Time Passcode that the system sends by Short Message Service (SMS) or by voice remains valid
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 4
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the Short Message Service (SMS) One-Time Passcode
  • SCIM++ Properties:
    • idcsMaxValue: 300
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Time (in secs) to be used as the time step
  • SCIM++ Properties:
    • idcsMaxValue: 3
    • idcsMinValue: 2
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The tolerance/step-size that the system should use when validating a One-Time Passcode
Nested Schema : urn:ietf:params:scim:schemas:oracle:idcs:extension:fido:AuthenticationFactorSettings
Type: object
This extension defines attributes used to manage Multi-Factor Authentication settings of fido authentication
Show Source
  • Allowed Values: [ "NONE", "DIRECT", "INDIRECT" ]
    Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Attribute used to define the type of attestation required.
  • Allowed Values: [ "PLATFORM", "CROSS-PLATFORM", "BOTH" ]
    Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Attribute used to define authenticator selection attachment.
  • Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    Flag used to indicate authenticator selection is required or not
  • Allowed Values: [ "REQUIRED", "PREFERRED", "DISCOURAGED", "NONE" ]
    Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Attribute used to define authenticator selection resident key requirement.
  • Allowed Values: [ "REQUIRED", "PREFERRED", "DISCOURAGED" ]
    Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Attribute used to define authenticator selection verification.
  • Added In: 2109020413

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • idcsMaxValue: 2
    • idcsMinValue: 0
    • required: false
    • returned: default
    • type: integer
    • uniqueness: none
    Number of domain levels Oracle Identity Cloud Service should use for origin comparision
  • Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    Flag used to indicate whether we need to restrict creation of multiple credentials in same authenticator
  • publicKeyTypes
    Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    List of server supported public key algorithms
  • Added In: 2009232244

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • idcsMaxValue: 600000
    • idcsMinValue: 10000
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Timeout for the fido authentication to complete
Nested Schema : urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings
Type: object
This extension defines attributes used to manage Multi-Factor Authentication settings of third party provider
Show Source
Nested Schema : userEnrollmentDisabledFactors
Type: array
Added In: 2012271618

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: string
  • uniqueness: none
Factors for which enrollment should be blocked for End User
Allowed Values: [ "EMAIL", "SMS", "TOTP", "PUSH", "OFFLINETOTP", "VOICE", "PHONE_CALL", "THIRDPARTY", "FIDO_AUTHENTICATOR", "YUBICO_OTP" ]
Show Source
Nested Schema : compliancePolicy
Type: object
Compliance Policy that defines actions to be taken when a condition is violated
Show Source
  • Allowed Values: [ "Allow", "Block", "Notify", "None" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The action to be taken if the value of the attribute is not as expected
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The name of the attribute being evaluated
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The value of the attribute to be evaluated
Nested Schema : tags
Type: object
A list of tags on this resource.
Show Source
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Key or name of the tag.
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Value of the tag.
Nested Schema : publicKeyTypes
Type: array
Added In: 2009232244

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: true
  • returned: default
  • type: string
  • uniqueness: none
List of server supported public key algorithms
Allowed Values: [ "RS1", "RS256", "ES256" ]
Show Source
Nested Schema : duoSecuritySettings
Type: object
Added In: 19.2.1

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to Duo Security
Show Source
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Hostname to access the Duo security account
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: never
    • type: string
    • uniqueness: none
    Attestation key to attest the request and response between Duo Security
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Integration key from Duo Security authenticator
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Secret key from Duo Security authenticator
  • Allowed Values: [ "primaryEmail", "userName", "givenName" ]
    Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    User attribute mapping value

400 Response

Bad or invalid request
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • schemas
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : schemas
Type: array
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
Show Source
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

401 Response

The supplied credentials, if any, are not sufficient to access the resource.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • schemas
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : schemas
Type: array
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
Show Source
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

404 Response

The requested resource could not be found.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • schemas
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : schemas
Type: array
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
Show Source
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

500 Response

We couldn't return the representation due to an internal server error.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • schemas
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : schemas
Type: array
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
Show Source
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
Back to Top

Examples

The following example shows how to retrieve Multi-Factor Authentication settings for a tenant by submitting a GET request on the REST resource using cURL. For more information about cURL, see Use cURL.

cURL Command

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use. 
curl
-X GET
-H "Content-Type:application/scim+json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/AuthenticationFactorSettings

Example of Response Body

The following example shows the contents of the response body in JSON format:

{
  "status": 200,
  "response": {
    "schemas": [
      "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "Resources": [
      {
        "bypassCodeSettings": {
          "helpDeskCodeExpiryInMins": 60,
          "helpDeskGenerationEnabled": true,
          "helpDeskMaxUsage": 5,
          "length": 12,
          "maxActive": 5,
          "selfServiceGenerationEnabled": true
        },
        "clientAppSettings": {
          "deviceProtectionPolicy": "NONE",
          "initialLockoutPeriodInSecs": 30,
          "keyPairLength": 2048,
          "lockoutEscalationPattern": "Constant",
          "maxFailuresBeforeLockout": 10,
          "maxFailuresBeforeWarning": 5,
          "maxLockoutIntervalInSecs": 86400,
          "minPinLength": 4,
          "policyUpdateFreqInDays": 7,
          "requestSigningAlgo": "SHA256withRSA",
          "sharedSecretEncoding": "Base32",
          "unlockAppForEachRequestEnabled": false,
          "unlockAppIntervalInSecs": 30,
          "unlockOnAppForegroundEnabled": false,
          "unlockOnAppStartEnabled": false
        },
        "compliancePolicy": [
          {
            "action": "Allow",
            "name": "lockScreenRequired",
            "value": "false"
          },
          {
            "action": "Allow",
            "name": "lockScreenRequiredUnknown",
            "value": "false"
          },
          {
            "action": "Allow",
            "name": "jailBrokenDevice",
            "value": "false"
          },
          {
            "action": "Allow",
            "name": "jailBrokenDeviceUnknown",
            "value": "false"
          },
          {
            "action": "Allow",
            "name": "minWindowsVersion",
            "value": "8.1"
          },
          {
            "action": "Allow",
            "name": "minIosVersion",
            "value": "7.1"
          },
          {
            "action": "Allow",
            "name": "minAndroidVersion",
            "value": "4.1"
          },
          {
            "action": "Allow",
            "name": "minIosAppVersion",
            "value": "4.0"
          },
          {
            "action": "Allow",
            "name": "minAndroidAppVersion",
            "value": "8.0"
          },
          {
            "action": "Allow",
            "name": "minWindowsAppVersion",
            "value": "1.0"
          }
        ],
        "endpointRestrictions": {
          "maxEndpointTrustDurationInDays": 15,
          "maxEnrolledDevices": 5,
          "maxTrustedEndpoints": 5,
          "trustedEndpointsEnabled": true,
          "maxIncorrectAttempts": 10
        },
        "id": "AuthenticationFactorSettings",
        "mfaEnrollmentType": "Required",
        "pushEnabled": true,
        "schemas": [
          "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"
        ],
        "securityQuestionsEnabled": false,
        "smsEnabled": false,
        "hideBackupFactorEnabled": false,
        "totpEnabled": true,
        "totpSettings": {
          "hashingAlgorithm": "SHA1",
          "jwtValidityDurationInSecs": 300,
          "keyRefreshIntervalInDays": 60,
          "passcodeLength": 6,
          "smsOtpValidityDurationInMins": 10,
          "smsPasscodeLength": 6,
          "timeStepInSecs": 30,
          "timeStepTolerance": 3
        },
        "meta": {
          "resourceType": "AuthenticationFactorSettings",
          "created": "2016-11-14T18:16:21.319Z",
          "lastModified": "2016-11-17T10:10:36.594Z",
          "location": "http://tenant-base-url/admin/v1/AuthenticationFactorSettings/AuthenticationFactorSettings"
        },
        "idcsCreatedBy": {
          "value": "idcssm",
          "type": "App",
          "display": "idcssm",
          "$ref": "http://tenant-base-url/admin/v1/Apps/idcssm"
        },
        "idcsLastModifiedBy": {
          "value": "e590d53525214b9e9c1774d2bf5740a5",
          "type": "User",
          "display": "admin opc",
          "$ref": "http://tenant-base-url/admin/v1/Users/e590d53525214b9e9c1774d2bf5740a5"
        }
      }
    ],
    "startIndex": 1,
    "itemsPerPage": 50
  }
}
Back to Top