3.3.2.7 Configuring Authentication Controls for an Instance

Configure authentication controls for an entire Oracle Application Express instance.

Note:

To ensure the security and performance of your development environment, this functionality is not available in Application Express instances running in Oracle Cloud.

3.3.2.7.1 About Authentication Controls

Administrators can configure authentication controls for an entire instance or for each individual workspace.

For example, if an instance administrator configures authentication controls in Oracle Application Express Administration Services, that configuration applies to all Application Express accounts in all workspaces across the entire development instance.

If the instance administrator does not enable authentication controls across an entire instance, then each Workspace administrator can enable the following controls on a workspace-by-workspace basis:

  • User account expiration and locking

  • A maximum number of failed login attempts for user accounts

  • Account password lifetime (the number of days an end-user account password can be used before it expires)

Tip:

This feature applies only to accounts created using Application Express user creation and management. It provides additional authentication security for applications. See "Managing Users in a Workspace."

3.3.2.7.2 Configuring Security for Developer and End User Login

Configure developer and end user login security settings.

To configure security settings for developer and end user login:

  1. Sign in to Oracle Application Express Administration Services.
  2. Click Manage Instance.
  3. Under Instance Settings, click Security.
  4. Under General Settings, configure the following attributes:
    1. Delay after failed login attempts in Seconds - After failed logins, Oracle Application Express displays a countdown of this number times the number of failed login attempts, before it accepts new login attempts with the same username. Enter 0 to disable the countdown and allow immediate access.
    2. Method for computing the Delay - Select a method for computing the delay for failed logins. The computation methods are based on recent data in the Login Access Log.
      See item help for further details.
    3. Inbound Proxy Servers - Enter a comma-separated list of IP addresses for well-known proxy servers through which requests come in. Oracle Application Express uses this list to compute the actual client address from the HTTP Headers X-Forwarded-For and REMOTE_ADDR.
    4. Single Sign-On Logout URL - Enter the URL that Application Express redirects to in order to trigger a logout from the Single Sign-On server. Application Express automatically appends ?p_done_url=...login url....
  5. Click Apply Changes.
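
The following added example (not Oracle code and not part of the original documentation) sketches the common right-to-left way of deriving a client address from REMOTE_ADDR and X-Forwarded-For using an inbound proxy list, and shows why the header is honoured only when it arrives through a listed proxy. The page does not describe the exact algorithm Application Express uses; the function names and the sample addresses (taken from documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress


def parse_proxy_list(setting):
    """Parse a comma-separated Inbound Proxy Servers value into address objects."""
    return {ipaddress.ip_address(p.strip()) for p in setting.split(",") if p.strip()}


def resolve_client_ip(remote_addr, x_forwarded_for, proxies):
    """Return the address a login attempt should be attributed to.

    Walks the chain from the direct peer outward and stops at the first
    hop that is not a listed proxy. Everything to the left of that hop
    was supplied by the client and is ignored.
    """
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    chain = hops + [remote_addr]      # right-most entry is the direct peer
    client = remote_addr
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                     # malformed entry: keep the last good hop
        client = str(addr)
        if addr not in proxies:
            break                     # first unlisted hop is the client
    return client


# Constructed sample requests: (REMOTE_ADDR, X-Forwarded-For)
PROXIES = parse_proxy_list("192.0.2.10, 192.0.2.11")
SAMPLES = {
    "direct peer with forged header": ("203.0.113.7", "198.51.100.99"),
    "through one listed proxy": ("192.0.2.10", "198.51.100.5"),
    "two proxies, forged first entry": ("192.0.2.10", "10.0.0.1, 198.51.100.5, 192.0.2.11"),
    "listed proxy, malformed header": ("192.0.2.10", "not-an-ip"),
}


def resolve_samples():
    """Resolve every constructed sample and return {label: client address}."""
    return {k: resolve_client_ip(r, x, PROXIES) for k, (r, x) in SAMPLES.items()}


if __name__ == "__main__":
    for label, client in resolve_samples().items():
        print(f"{label:35} -> {client}")
```

If the proxy list contains an address that is not actually a proxy under your control, any client connecting from that address can choose the address its failed logins are recorded against.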

3.3.2.7.3 Configuring Security Settings for Workspace Administrator and Developer Accounts

Manage security settings for workspace administrator and workspace developer accounts.

To configure security controls for workspace administrator and workspace developer accounts:

  1. Sign in to Oracle Application Express Administration Services.
  2. Click Manage Instance.
  3. Under Instance Settings, click Security.
  4. Under Development Environment Settings, configure the following attributes:
    1. Username Validation Expression - Enter a regular expression to validate the usernames of developers and administrators. Enter * to bypass the validation. The following example validates that the username is an email address:

      ^[[:alnum:]._%-]+@[[:alnum:].-]+\.[[:alpha:]]{2,4}$

    2. Require User Account Expiration and Locking - Applies to end user accounts created using the Oracle Application Express account management interface. Select Yes to enable Application Express user account expiration and locking features across all workspaces. This selection prevents the same feature from being disabled at the workspace level. Select No to relinquish control to each Workspace administrator.
    3. Maximum Login Failures Allowed - Enter an integer for the maximum number of consecutive unsuccessful authentication attempts allowed before a developer or administrator account is locked. If you do not specify a value in this field, the default value is 4.

      This setting applies to administrator and developer accounts. It does not apply to end user accounts. The value you enter is used as the default for the workspace-level Maximum Login Failures Allowed preference if the Workspace administrator does not specify a value. That preference is used for end-user accounts within the respective workspace.

    4. Account Password Lifetime (days) - Enter a number for the maximum number of days a developer or administrator account password may be used before the account expires. If you do not specify a value in this field, the default value is 45 days.

      This setting applies to accounts used to access the Application Express administration and development environment only. It does not apply to end user accounts. The value you enter is used as the default workspace-level End User Account Lifetime preference which workspace administrators can change. The workspace-level preference applies to the accounts within that workspace.

  5. Click Apply Changes.

3.3.2.7.4 Editing Development Environment Authentication Scheme

Manage development environment authentication schemes.

To edit development environment authentication schemes:

  1. Sign in to Oracle Application Express Administration Services.
  2. Click Manage Instance.
  3. Under Instance Settings, click Security.
  4. Scroll down to Development Environment Authentication Schemes.
  5. Click the Edit icon adjacent to the authentication scheme you wish to edit.
  6. Edit the appropriate attributes. To make the selected authentication scheme current, click Make Current Scheme.

    To learn more about an attribute, see field-level Help.

  7. To save your changes, click Apply Changes.

Tip:

You can also change the authentication scheme using the APEX_BUILDER_AUTHENTICATION parameter in the APEX_INSTANCE_ADMIN package. See "Available Parameter Values" in Oracle Application Express API Reference.