Get Authentication Factor Settings

get

/admin/v1/AuthenticationFactorSettings/{id}

Request

Supported Media Types
Path Parameters
Query Parameters
  • A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If "attributes" query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
    Allowed Values: [ "all", "always", "never", "request", "default" ]
  • A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
Header Parameters
  • The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
  • Media Type
  • An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
Back to Top

Response

Supported Media Types

200 Response

The request was successful.
Body ()
Root Schema : AuthenticationFactorSettings
Type: object
Multi Factor Authentication Settings for Tenant
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that Bypass Code is enabled for authentication
  • bypassCodeSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to the bypass code, such as bypass code length, bypass code expiry, max active bypass codes, and so on
  • clientAppSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to compliance, Personal Identification Number (PIN) policy, and so on
  • compliancePolicy
    SCIM++ Properties:
    • idcsCompositeKey: [name]
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Compliance Policy that defines actions to be taken when a condition is violated
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
  • Added In: 18.1.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the EMAIL channel is enabled for authentication
  • emailSettings
    Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to Email Factor, such as enabled email magic link factor, custom url for Email Link
  • endpointRestrictions
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings that describe the set of restrictions that the system should apply to devices and trusted endpoints of a user
  • Added In: 19.3.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that 'Show backup factor(s)' button will be hidden during authentication
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: always
    • type: string
    • uniqueness: global
    Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
  • idcsCreatedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: complex
    The User or App who created the Resource
  • idcsLastModifiedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: complex
    The User or App who modified the Resource
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    The release number when the resource was upgraded.
  • Allowed Values: [ "replace", "update", "delete" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
  • identityStoreSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to the use of a user's profile details from the identity store
  • meta
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
    • type: complex
    A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
  • Deprecated Since: 18.1.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Specifies the category of people for whom Multi-Factor Authentication is enabled. This is a readOnly attribute which reflects the value of mfaEnabledCategory attribute in SsoSettings
  • Deprecated Since: 18.1.2

    SCIM++ Properties:
    • idcsCanonicalValueSourceFilter: attrName eq "mfaEnrollmentType" and attrValues.value eq "$(mfaEnrollmentType)"
    • idcsCanonicalValueSourceResourceType: AllowedValue
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Specifies if Multi-Factor Authentication enrollment is mandatory or optional for a user
  • notificationSettings
    Added In: 17.4.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to the Mobile App Notification channel, such as pull
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the phone (PHONE_CALL) channel is enabled for authentication
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Mobile App Push Notification channel is enabled for authentication
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that Security Questions are enabled for authentication
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Short Message Service (SMS) channel is enabled for authentication
  • tags
    SCIM++ Properties:
    • idcsCompositeKey: [key, value]
    • idcsSearchable: true
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    A list of tags on this resource.
  • thirdPartyFactor
    Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to third-party factor
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Mobile App One Time Passcode channel is enabled for authentication
  • totpSettings
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    Settings related to Time-Based One-Time Passcodes (TOTP), such as hashing algo, totp time step, passcode length, and so on
  • urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings
    This extension defines attributes used to manage Multi-Factor Authentication settings of third party provider
Nested Schema : bypassCodeSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to the bypass code, such as bypass code length, bypass code expiry, max active bypass codes, and so on
Show Source
  • SCIM++ Properties:
    • idcsMaxValue: 9999999
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Expiry (in minutes) of any bypass code that is generated by the help desk
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that help desk bypass code generation is enabled
  • SCIM++ Properties:
    • idcsMaxValue: 999
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of times that any bypass code that is generated by the help desk can be used
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 8
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the bypass code to be generated
  • SCIM++ Properties:
    • idcsMaxValue: 6
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of bypass codes that can be issued to any user
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that self-service bypass code generation is enabled
Nested Schema : clientAppSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to compliance, Personal Identification Number (PIN) policy, and so on
Show Source
  • SCIM++ Properties:
    • idcsCanonicalValueSourceFilter: attrName eq "deviceProtectionPolicy" and attrValues.value eq "$(deviceProtectionPolicy)"
    • idcsCanonicalValueSourceResourceType: AllowedValue
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Indicates what protection policy that the system applies on a device. By default, the value is NONE, which indicates that the system applies no protection policy. A value of APP_PIN indicates that the system requires a Personal Identification Number (PIN). A value of DEVICE_BIOMETRIC_OR_APP_PIN indicates that either a PIN or a biometric authentication factor is required.
  • SCIM++ Properties:
    • idcsMaxValue: 86400
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time in seconds that the system will lock a user out of the service after that user exceeds the maximum number of login failures
  • SCIM++ Properties:
    • idcsMaxValue: 4000
    • idcsMinValue: 32
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The size of the key that the system uses to generate the public-private key pair
  • SCIM++ Properties:
    • idcsCanonicalValueSourceFilter: attrName eq "lockoutEscalationPattern" and attrValues.value eq "$(lockoutEscalationPattern)"
    • idcsCanonicalValueSourceResourceType: AllowedValue
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The pattern of escalation that the system follows, in locking a particular user out of the service.
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 5
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of times that a particular user can fail to login before the system locks that user out of the service
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 0
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum number of login failures that the system will allow before raising a warning and sending an alert via email
  • SCIM++ Properties:
    • idcsMaxValue: 86400
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The maximum period of time that the system will lock a particular user out of the service regardless of what the configured pattern of escalation would otherwise dictate
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 6
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Minimum length of the Personal Identification Number (PIN)
  • SCIM++ Properties:
    • idcsMaxValue: 999
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time in days after which a client should refresh its policy by re-reading that policy from the server
  • Allowed Values: [ "SHA256withRSA", "SHA384withRSA", "SHA512withRSA" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Indicates which algorithm the system will use to sign requests
  • Allowed Values: [ "Base32", "Base64" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Indicates the type of encoding that the system should use to generate a shared secret
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the system should require the user to unlock the client app for each request. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
  • SCIM++ Properties:
    • idcsMaxValue: 9999999
    • idcsMinValue: 0
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Specifies the period of time in seconds after which the client App should require the user to unlock the App. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor. A value of zero means that it is disabled.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the system should require the user to unlock the client App, when the client App comes to the foreground in the display of the device. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the system should require the user to unlock the client App whenever the App is started. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
Nested Schema : compliancePolicy
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [name]
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Compliance Policy that defines actions to be taken when a condition is violated
Show Source
Nested Schema : emailSettings
Type: object
Added In: 20.1.3

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to Email Factor, such as enabled email magic link factor, custom url for Email Link
Show Source
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Custom redirect Url which will be used in email link
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    Specifies whether Email link is enabled or not.
Nested Schema : endpointRestrictions
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings that describe the set of restrictions that the system should apply to devices and trusted endpoints of a user
Show Source
  • SCIM++ Properties:
    • idcsMaxValue: 180
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Maximum number of days until an endpoint can be trusted
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Maximum number of enrolled devices per user
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 5
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    An integer that represents the maximum number of failed MFA logins before an account is locked
  • SCIM++ Properties:
    • idcsMaxValue: 20
    • idcsMinValue: 1
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Max number of trusted endpoints per user
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    Specify if trusted endpoints are enabled
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who created this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who created this Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who modified this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who modified this Resource
Nested Schema : identityStoreSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to the use of a user's profile details from the identity store
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that Multi-Factor Authentication should use the mobile number in the identity store
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the user can update the mobile number in the user's Multi-Factor Authentication profile
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
Show Source
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The DateTime the Resource was added to the Service Provider
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Name of the resource type of the resource--for example, Users or Groups
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
Nested Schema : notificationSettings
Type: object
Added In: 17.4.2

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to the Mobile App Notification channel, such as pull
Show Source
  • Added In: 17.4.2

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    If true, indicates that the Mobile App Pull Notification channel is enabled for authentication
Nested Schema : tags
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
A list of tags on this resource.
Show Source
Nested Schema : thirdPartyFactor
Type: object
Added In: 19.2.1

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to third-party factor
Show Source
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: boolean
    • uniqueness: none
    To enable Duo Security factor
Nested Schema : totpSettings
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to Time-Based One-Time Passcodes (TOTP), such as hashing algo, totp time step, passcode length, and so on
Show Source
  • Added In: 18.1.2

    SCIM++ Properties:
    • idcsMaxValue: 60
    • idcsMinValue: 2
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time (in minutes) that a one-time passcode remains valid that the system sends by email.
  • Added In: 18.1.2

    SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 4
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the email one-time passcode.
  • Allowed Values: [ "SHA1", "SHA256", "SHA384", "SHA512", "MD5" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The hashing algorithm to be used to calculate a One-Time Passcode. By default, the system uses SHA1.
  • SCIM++ Properties:
    • idcsMaxValue: 99999
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time (in seconds) that a JSON Web Token (JWT) is valid
  • SCIM++ Properties:
    • idcsMaxValue: 999
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The duration of time (in days) after which the shared secret has to be refreshed
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 4
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the One-Time Passcode that the system should generate
  • SCIM++ Properties:
    • idcsMaxValue: 60
    • idcsMinValue: 2
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The period of time (in minutes) for which a One-Time Passcode that the system sends by Short Message Service (SMS) or by voice remains valid
  • SCIM++ Properties:
    • idcsMaxValue: 10
    • idcsMinValue: 4
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Exact length of the Short Message Service (SMS) One-Time Passcode
  • SCIM++ Properties:
    • idcsMaxValue: 300
    • idcsMinValue: 30
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    Time (in secs) to be used as the time step
  • SCIM++ Properties:
    • idcsMaxValue: 3
    • idcsMinValue: 2
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: integer
    • uniqueness: none
    The tolerance/step-size that the system should use when validating a One-Time Passcode
Nested Schema : urn:ietf:params:scim:schemas:oracle:idcs:extension:thirdParty:AuthenticationFactorSettings
Type: object
This extension defines attributes used to manage Multi-Factor Authentication settings of third party provider
Show Source
Nested Schema : compliancePolicy
Type: object
Compliance Policy that defines actions to be taken when a condition is violated
Show Source
  • Allowed Values: [ "Allow", "Block", "Notify", "None" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The action to be taken if the value of the attribute is not as expected
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The name of the attribute being evaluated
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The value of the attribute to be evaluated
Nested Schema : tags
Type: object
A list of tags on this resource.
Show Source
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Key or name of the tag.
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Value of the tag.
Nested Schema : duoSecuritySettings
Type: object
Added In: 19.2.1

SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Settings related to Duo Security
Show Source
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Hostname to access the Duo security account
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: never
    • type: string
    • uniqueness: none
    Attestation key to attest the request and response between Duo Security
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Integration key from Duo Security authenticator
  • Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Secret key from Duo Security authenticator
  • Allowed Values: [ "primaryEmail", "userName", "givenName" ]
    Added In: 19.2.1

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    User attribute mapping value

400 Response

Bad or invalid request
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

401 Response

The supplied credentials, if any, are not sufficient to access the resource.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

404 Response

The requested resource was not found.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

500 Response

We couldn't return the representation due to an internal server error.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
Back to Top

Examples

The following example shows how to retrieve Multi-Factor Authentication settings for a tenant by submitting a GET request on the REST resource using cURL. For more information about cURL, see Use cURL.

cURL Command

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
curl
-X GET
-H "Content-Type:application/json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/AuthenticationFactorSettings/<ID>

Example of Response Body

The following example shows the contents of the response body in JSON format:

{
    "bypassCodeSettings": {
        "helpDeskCodeExpiryInMins": 60,
        "helpDeskGenerationEnabled": true,
        "helpDeskMaxUsage": 5,
        "length": 12,
        "maxActive": 5,
        "selfServiceGenerationEnabled": true
    },
    "clientAppSettings": {
        "deviceProtectionPolicy": "NONE",
        "initialLockoutPeriodInSecs": 30,
        "keyPairLength": 2048,
        "lockoutEscalationPattern": "Constant",
        "maxFailuresBeforeLockout": 10,
        "maxFailuresBeforeWarning": 5,
        "maxLockoutIntervalInSecs": 86400,
        "minPinLength": 4,
        "policyUpdateFreqInDays": 7,
        "requestSigningAlgo": "SHA256withRSA",
        "sharedSecretEncoding": "Base32",
        "unlockAppForEachRequestEnabled": false,
        "unlockAppIntervalInSecs": 30,
        "unlockOnAppForegroundEnabled": false,
        "unlockOnAppStartEnabled": false
    },
    "compliancePolicy": [
        {
            "action": "Allow",
            "name": "lockScreenRequired",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "lockScreenRequiredUnknown",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "jailBrokenDevice",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "jailBrokenDeviceUnknown",
            "value": "false"
        },
        {
            "action": "Allow",
            "name": "minWindowsVersion",
            "value": "8.1"
        },
        {
            "action": "Allow",
            "name": "minIosVersion",
            "value": "7.1"
        },
        {
            "action": "Allow",
            "name": "minAndroidVersion",
            "value": "4.1"
        },
        {
            "action": "Allow",
            "name": "minIosAppVersion",
            "value": "4.0"
        },
        {
            "action": "Allow",
            "name": "minAndroidAppVersion",
            "value": "8.0"
        },
        {
            "action": "Allow",
            "name": "minWindowsAppVersion",
            "value": "1.0"
        }
    ],
    "endpointRestrictions": {
        "maxEndpointTrustDurationInDays": 15,
        "maxEnrolledDevices": 5,
        "maxTrustedEndpoints": 5,
        "trustedEndpointsEnabled": true,
        "maxIncorrectAttempts": 10
    },
    "id": "AuthenticationFactorSettings",
    "mfaEnrollmentType": "Required",
    "pushEnabled": true,
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorSettings"
    ],
    "securityQuestionsEnabled": false,
    "smsEnabled": false,
    "hideBackupFactorEnabled": false,
    "totpEnabled": true,
    "totpSettings": {
        "hashingAlgorithm": "SHA1",
        "jwtValidityDurationInSecs": 300,
        "keyRefreshIntervalInDays": 60,
        "passcodeLength": 6,
        "smsOtpValidityDurationInMins": 10,
        "smsPasscodeLength": 6,
        "timeStepInSecs": 30,
        "timeStepTolerance": 3
    },
    "meta": {
        "resourceType": "AuthenticationFactorSettings",
        "created": "2016-11-14T18:16:21.319Z",
        "lastModified": "2016-11-17T10:10:36.594Z",
        "location": "http://tenant-base-url/admin/v1/AuthenticationFactorSettings/AuthenticationFactorSettings"
    },
    "idcsCreatedBy": {
        "value": "idcssm",
        "type": "App",
        "display": "idcssm",
        "$ref": "http://tenant-base-url/admin/v1/Apps/idcssm"
    },
    "idcsLastModifiedBy": {
        "value": "e590d53525214b9e9c1774d2bf5740a5",
        "type": "User",
        "display": "admin opc",
        "$ref": "http://tenant-base-url/admin/v1/Users/e590d53525214b9e9c1774d2bf5740a5"
    }
}
Back to Top