Migrating from Per-Environment IP Allowlist to Network Perimeter in an Identity Domain
Currently, you can set the IP allowlist for a particular environment using the setIPAllowlist EPM Automate command. Alternatively, IP allowlists for an entire identity domain can be configured using Network Perimeter settings in Identity Cloud Service. See Setting up Network Perimeter.
However, the per-environment IP allowlist functionality is deprecated and will be removed in the future. Once deprecated, any IP restrictions set using setIPAllowlist will no longer apply and your environment will begin accepting requests from all IP addresses by default.
To maintain your security posture and ensure continuity, you must migrate all IP allowlists defined per environment to the Network Perimeter of the corresponding identity domain. Here's how:
- If you have multiple environments within an identity domain, use the getIPAllowlist EPM Automate command on each environment to retrieve their configured IP addresses and CIDRs.
- Combine all these IP addresses and CIDRs into a single consolidated list.
- Add the unique, non-overlapping entries from that list into the Network Perimeter settings of the identity domain in Oracle Cloud Console.
This ensures your IP-based access controls remain in place after the deprecation takes effect.
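The consolidation step can be scripted. The following Python sketch is an added example, not Oracle-provided code: it assumes the entries retrieved from each environment have been saved as text with one IP address or CIDR per line (the environment names and addresses are constructed), and it merges them into unique, non-overlapping entries. Adjacent ranges are combined into a single CIDR that covers exactly the same addresses.

```python
import ipaddress

# Constructed sample: allowlist entries saved from each environment,
# one per line (assumed format; documentation-range addresses).
SAMPLE = {
    "env-test": "203.0.113.10\n198.51.100.0/25\n192.0.2.0/24\n",
    "env-prod": "203.0.113.10\n198.51.100.128/25\n192.0.2.64/26\n2001:db8::/32\n",
}

def parse_entries(text):
    """Return (networks, rejected) for one environment's entries."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=True refuses CIDRs with host bits set (e.g. 10.0.0.5/24)
            # instead of silently widening them to the whole network.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def consolidate(per_env):
    """Merge all environments into unique, non-overlapping entries."""
    all_nets, rejected = [], {}
    for env, text in per_env.items():
        nets, bad = parse_entries(text)
        all_nets.extend(nets)
        if bad:
            rejected[env] = bad
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in all_nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    # Single hosts are written as plain addresses, ranges as CIDRs.
    entries = [str(n.network_address) if n.num_addresses == 1 else str(n)
               for n in merged]
    return entries, rejected

if __name__ == "__main__":
    entries, rejected = consolidate(SAMPLE)
    print("\n".join(entries))
    for env, bad in rejected.items():
        print(f"review manually ({env}): {bad}")
```

Entries reported for manual review are left out of the consolidated list, so resolve them before the per-environment allowlist stops applying.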