Oracle Identity Cloud Service provides you with a wizard to add an identity provider policy. In the wizard, you define the criteria that Oracle Identity Cloud Service uses to determine which identity providers are available for users to authenticate against Oracle Identity Cloud Service when they're accessing particular apps. These criteria are based on:
- The user name of the user
- The IP address that the user is using to sign in to Oracle Identity Cloud Service
- The identity providers that will be available to the user to access Oracle Identity Cloud Service
This wizard contains the following panes:
- Details: Provide the name and description for the policy.
- Identity Provider Rules: Assign or remove identity providers for this policy.
- Apps: Assign or remove apps for this policy.
- In the Identity Cloud Service console, expand the Navigation Drawer, select Security, and then select IDP Policies.
Tip: On the Identity Provider Policies page, Oracle Identity Cloud Service provides you with a default identity provider policy. See Understand Identity Provider Policies for more information about this policy.
- On the Identity Provider Policies page, click Add.
- In the Details pane of the Add Identity Provider Policy wizard, enter the name of the policy in the Policy Name field, and then click Next.
After you provide information in the Details pane and click Next, Oracle Identity Cloud Service adds the identity provider policy.
You may want to assign or remove identity providers or apps for this policy. To do this, the wizard has the Identity Provider Rules and Apps panes.
- In the Identity Provider Rules pane of the wizard, click Add Rules to assign identity providers to this policy.
- Use the following table to populate the Add Rules dialog box:
Enter the name of the identity provider rule.
If the user name: Specify information about users' user names that Oracle Identity Cloud Service uses to determine whether a user meets the criteria of the rule. For example, if you want the rule to apply only to users whose user names end with @example.com, select Ends With from the drop-down menu, and enter @example.com in the associated text field.
And is not one of these users: Enter or select the users that are excluded from the rule.
And the user's client IP address is: There are two options for this field: Anywhere and In one or more of these network perimeters. If you select Anywhere, the identity providers that you specify in this rule are available to users who sign in to Oracle Identity Cloud Service from any IP address. If you select In one or more of these network perimeters, a text area appears in which you can enter or select network perimeters that you defined in Oracle Identity Cloud Service (see Add a Network Perimeter). The identity providers that you specify in this rule are then available only to users who sign in to Oracle Identity Cloud Service from IP addresses contained in the defined network perimeters.
Assign Identity Providers: Select the identity providers and local authentication factors that are available to users to sign in to Oracle Identity Cloud Service if they meet the criteria of this rule.
Note: In addition to the identity providers that you create in Oracle Identity Cloud Service, there are predefined local authentication factors that you can assign to this identity provider rule. To use local authentication factors, you must first turn on the Enable User Name First switch on the Session Settings page, and then select the factors that you want to enable on the Multi-Factor Authentication (MFA) Settings page. See Understand Identity Provider Policies for more information about these authentication factors. See also Change Session Settings and Configure Multi-Factor Authentication Settings.
Note: If you inadvertently added incorrect identity provider rules to this policy, you can remove them by clicking the "X" in the label for the rule in the Assign Identity Providers box.
- Click Save.
- To add another identity provider rule to this policy, repeat step 5 above.
Note: If you have added multiple identity provider rules to this policy, you can change the order in which Oracle Identity Cloud Service evaluates them. See Change the Priority of an Identity Provider Rule for the Policy.
- When you are finished adding identity provider rules, click Next.
- In the Apps pane of the wizard, click Assign to assign apps to this policy.
- In the Assign Apps dialog box, select the check box for each app that you want to assign to the policy, and then click OK.
You can assign only one identity provider policy to an app. If the app isn't assigned to any identity provider policy explicitly, then the default identity provider policy applies to the app.
You can remove apps from the policy by selecting the check box for each app that you want to remove, clicking Remove, and then clicking OK from the confirmation window.
- Click Finish.
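To make the semantics of the rule fields above concrete, the following is an added Python model (not Oracle code) of how a policy's rules select identity providers for a sign-in attempt: the user-name condition (Ends With), the excluded-users list, the client IP check against network perimeters (Anywhere versus listed CIDR ranges), rule priority, and the fall-back to the default policy for apps without an explicit assignment. The rule names, identity provider names, CIDR ranges and first-match evaluation order are constructed assumptions; the page states only that rule order matters.

```python
"""Constructed model of identity provider policy rules (not Oracle's code).
Assumption not stated on the page: rules are tried in priority order and the
first rule whose criteria the user meets decides the offered identity providers."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IdpRule:
    name: str
    ends_with: str = ""                 # "" means no user-name condition
    excluded_users: frozenset = frozenset()
    network_perimeters: tuple = ()      # () means "Anywhere"; else CIDR strings
    identity_providers: tuple = ()      # what the rule offers when it matches

    def matches(self, username: str, client_ip: str) -> bool:
        if username.lower() in {u.lower() for u in self.excluded_users}:
            return False                # "And is not one of these users"
        if self.ends_with and not username.lower().endswith(self.ends_with.lower()):
            return False                # "If the user name: Ends With ..."
        if not self.network_perimeters:
            return True                 # "Anywhere": any client IP qualifies
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(p, strict=False)
                   for p in self.network_perimeters)


@dataclass(frozen=True)
class IdpPolicy:
    name: str
    rules: tuple = ()                   # in evaluation (priority) order

    def available_idps(self, username: str, client_ip: str) -> tuple:
        for rule in self.rules:         # first matching rule wins (assumption)
            if rule.matches(username, client_ip):
                return rule.identity_providers
        return ()                       # no rule matched: nothing offered


# Constructed default policy: offers only local user name and password.
DEFAULT_POLICY = IdpPolicy("Default Policy",
    (IdpRule("Default Rule", identity_providers=("Local user name and password",)),))


def policy_for_app(app: str, assignments: dict) -> IdpPolicy:
    """An app has at most one policy; unassigned apps use the default policy."""
    return assignments.get(app, DEFAULT_POLICY)


# Constructed sample: staff on the corporate network get the corporate IdP too.
CORP = IdpPolicy("Corporate Apps Policy", (
    IdpRule("Staff on network", ends_with="@example.com",
            excluded_users=frozenset({"contractor@example.com"}),
            network_perimeters=("10.0.0.0/8", "192.0.2.0/24"),
            identity_providers=("Corporate IdP", "Local user name and password")),
    IdpRule("Everyone else", identity_providers=("Local user name and password",)),
))
ASSIGNMENTS = {"HR Portal": CORP}
```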