Understanding Adaptive Security

Adaptive Security is an advanced feature that provides strong authentication capabilities for your users, based on their behavior within Oracle Identity Cloud Service, and across multiple heterogeneous on-premises applications and cloud services.

When activated, the Adaptive Security feature can analyze a user’s risk profile within Oracle Identity Cloud Service based on their historical behavior, such as too many unsuccessful login attempts, too many unsuccessful MFA attempts, and real-time device context like logins from unknown devices, access from unknown locations, blacklisted IP addresses, and so on. To evaluate the user’s behavior across other systems with which Oracle Identity Cloud Service isn’t directly involved, Adaptive Security allows you to configure your existing risk providers, such as Oracle Security Monitoring and Analytics (SMA) Cloud Service, to obtain the user’s risk score from these external providers. With this enriched context and risk information, Adaptive Security risk profiles each user, and arrives at its own risk score and an overall consolidated risk level (High, Medium, Low) that can be used with Oracle Identity Cloud Service policies to enforce a remediation action, such as allowing or denying the user from accessing Oracle Identity Cloud Service and its protected applications and resources, requiring the user to provide a second factor to authenticate into Oracle Identity Cloud Service, and so on. Administrators can also view how the user’s risk profile trended over a period of time, and drill down to see details associated with each event.