What are the different events and notifications associated with the Single Sign-On functionality?
Automatic notifications are sent for the following events associated with single sign-on.
- When an administrator requests access to the Administration Activity page to disable single sign-on
- When single sign-on is disabled using the Administration Activity page; the notification is sent to the user who disabled SSO
- When the external identity provider's signing certificate is about to expire
- When the service provider's signing certificate is about to expire
- When the service provider's encryption certificate is about to expire

To receive notifications, users must be assigned the Administer SSO (ASE_ADMINISTER_SSO_PRIV) privilege. To make sure that recipients don't miss the notifications, they're sent thrice:
- First notification: 60 days before the expiry date
- Second notification: 30 days before the expiry date
- Last notification: 10 days before the expiry date
In environments that have upgraded to the OCI IAM identity domain, the IdP/SP SSO signing certificate expiry warning notifications are managed by the OCI IAM identity domain. For more information, see About Email Notifications.