1. Configuring the Amazon Web Services Application
  2. Frequently Asked Questions

7 Frequently Asked Questions

Use these Frequently Asked Questions (FAQs) as guidelines and to troubleshoot connector issues.

  1. What is Programmatic Access status attribute?

    Answer: Programmatic Access status attribute is a checkbox which shows the status of the programmatic access in the AWS target system. If the enableProgrammaticAccess configuration parameter is set to true, this checkbox will be updated during enable operation.

    Note:

    • Since the Programmatic Access Status attribute is a write-back field, do not manually update it from Oracle Identity Governance.
    • This checkbox is updated during reconciliation irrespective of the configuration parameter value.

  2. What happens if the ChangePasswordNextSignIn flag is set to true?

    Answer: If the ChangePasswordNextSignIn flag is set to true, the IAMUserChangePassword policy will be added by default.

  3. Why does enablement from Oracle Identity Governance fail for user accounts created through reconciliation?

    Answer: Password will be out of syncronization between the AWS target system and Oracle Identity Governance for user accounts created through reconciliation. So, after completion of initial reconciliation, perform reset password to ensure that password is synchronized between AWS and the Oracle Identity Governance systems.

    Note: This is applicable to enabling user by creating Login Profile in AWS and performing subsequent reconciliation to Oracle Identity Governance.

  4. Why reset password dysfunctions if the path value is set to anything other than the default path(/)?

    Answer: It is a limitation from AWS. To reset password from Oracle Identity Governance, follow any one of the below steps in the AWS target system:

    1. Attach the iam:ChangePassword policy to the user.
    2. Select the allow user to change their own password check box from the set of rules customized inside the password policy from Account settings.

  5. How are AWS inline policies supported from Oracle Identity Governance?

    Answer: Inline policies are fetched from AWS through reconciliation to the Oracle Identity Governance account. Connector supports detachment of inline policies from the account. Inline polices can be attached only from AWS.

  6. When is the Policy Type value reflected in Oracle Identity Governance?

    Answer: Policy type value will be reflected in Oracle Identity Governance only after user reconciliation operation is completed.

  7. What are the AWS Password-non-alphanumeric supported characters?

    Answer: (!@#$%^&*()_+-=[]{}|') are the AWS Password-non-alphanumeric supported characters.

  8. Can you remove group inherited AWS policies from Oracle Identity Governance?

    Answer: No, you cannot remove Group inherited policy attached to user accounts from Oracle Identity Governance. However, removing a group from the Oracle Identity Governance account will remove the corresponding group and inherited policies of the user in the AWS target system. To reflect changes in Oracle Identity Governance, run the account reconciliation job.