Configure

The automation supports various configuration parameters so that the solution can be adapted to the security team's requirements. Refer to the list of supported parameters, then configure them to trigger the automation.

Create and Configure the OCI Resource Scheduler

Create a schedule for the automation.

  1. Open the navigation menu and click Governance & Administration.
  2. Under Resource Scheduler, click Schedules.
  3. Under Create a Schedule, click Create a Schedule.
    The Create a schedule dialog box opens.
  4. Complete the basic information: enter the schedule name and schedule description, select Start for the action to be executed, then click Next.
  5. Under Resources, select your function compartment and function, then click Next.
  6. Under Schedule, select Daily and configure the other parameters per your requirements.
  7. In the Repeat every field, enter how often you would like the schedule to run or use the menu to select an interval.
    The minimum value is 1. The maximum value is 99.
  8. In the Start Time field, enter the time in hours and minutes in 24-hour format.
  9. Click Next to go to Review. If you don't have any changes, then click Create Schedule.

Reconfigure the Function Parameters

Review the function parameters and reconfigure them, if required.

  1. Open the navigation menu and click Developer Services. Under Functions, click Applications.
  2. Select the compartment specified during function provisioning.
  3. Click the name of the application containing functions to which you want to pass custom configuration parameters.
  4. Click the function's name and then click Configuration to update the parameters for the function.

    | Name of Parameter | Description | Example |
    |---|---|---|
    | critical_in_days | Critical threshold for notification in days. | 60 |
    | expiry_in_days | Expiry threshold for notification in days. | 90 |
    | warning_in_days | Warning threshold for notification in days. | 30 |
    | domain_ocids | List of OCIDs of identity domains. Multiple OCIDs are supported when comma-separated. | OCID1.aaa ...,OCID2.bbb ... |
    | exception_users | Accounts which do not require rotating secrets. This field enables you to add exceptions for users by using the user name with domain name. | user1@example.com@default,user2@example.com@customdomain |
    | host | Host name of the SMTP relay service. | smtp.email.ap-mumbai-1.oci.example.com |
    | monthly_report_day | Day of the month to receive the consolidated report, either monthly or bimonthly. | 5,7,15 |
    | weekly_report_day | Day of the week to receive the consolidated report, either weekly or biweekly. | Tuesday,Monday |
    | port | SMTP port number used by the SMTP relay service. | 587 |
    | report_recipients | Recipient email addresses of SecOps team members who must receive the consolidated report. | secops1@example.com |
    | report_requested | Boolean value indicating whether the report must be sent to SecOps. | yes |
    | sender | The sender (from address) that has permission to send email. | noreply@notification.ap-mumbai-1.oci.example.com |
    | smtppass | SMTP password for the SMTP relay service. The password must be stored in OCI Vault. | OCID1.vault.aaa ... |
    | smtpuser | SMTP user name or OCID if using email delivery for the SMTP relay service. | OCID1.user.aa.bb ... |

Report recipients will begin receiving expiry email notifications for OCI Identity and Access Management credentials.
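
The parameter values listed above can be checked before they are saved to the function, in particular that smtppass holds a reference to a secret rather than the password itself. The following Python check is an added example, not the function's own code; the helper names, the "ocid1." prefix test and the 1 to 31 range for monthly_report_day are assumptions, and the sample values are constructed.

```python
import calendar

REQUIRED = ("domain_ocids", "host", "port", "sender", "smtpuser", "smtppass")
WEEKDAYS = {d.lower() for d in calendar.day_name}

def split_csv(value):
    """Split a comma-separated parameter, dropping blanks and stray spaces."""
    return [item.strip() for item in value.split(",") if item.strip()]

def parse_exception_users(value):
    """Return (user, domain) pairs; the user name may itself contain '@'."""
    pairs = []
    for entry in split_csv(value):
        user, _, domain = entry.rpartition("@")  # the domain follows the last '@'
        if not user or not domain:
            raise ValueError(f"exception_users entry lacks a domain: {entry!r}")
        pairs.append((user, domain))
    return pairs

def validate_config(cfg):
    """Return a list of problems found in the function configuration (all strings)."""
    problems = [f"missing parameter: {k}" for k in REQUIRED if not cfg.get(k)]
    # Assumption: OCIDs start with "ocid1."; anything else is taken as a literal password.
    if cfg.get("smtppass") and not cfg["smtppass"].lower().startswith("ocid1."):
        problems.append("smtppass is not an OCID; store the password in OCI Vault")
    for ocid in split_csv(cfg.get("domain_ocids", "")):
        if not ocid.lower().startswith("ocid1."):
            problems.append(f"domain_ocids entry is not an OCID: {ocid!r}")
    for key in ("warning_in_days", "critical_in_days", "expiry_in_days"):
        if key in cfg and not (cfg[key].isdecimal() and int(cfg[key]) > 0):
            problems.append(f"{key} must be a positive whole number of days")
    if cfg.get("port") and not (cfg["port"].isdecimal() and 0 < int(cfg["port"]) < 65536):
        problems.append("port must be between 1 and 65535")
    for day in split_csv(cfg.get("weekly_report_day", "")):
        if day.lower() not in WEEKDAYS:
            problems.append(f"weekly_report_day has an unknown day: {day!r}")
    for day in split_csv(cfg.get("monthly_report_day", "")):
        if not (day.isdecimal() and 1 <= int(day) <= 31):
            problems.append(f"monthly_report_day is not a day of the month: {day!r}")
    try:
        parse_exception_users(cfg.get("exception_users", ""))
    except ValueError as err:
        problems.append(str(err))
    return problems

# Constructed sample input: a literal SMTP password and a misspelt weekday.
SAMPLE = {"domain_ocids": "ocid1.domain.oc1..example", "host": "smtp.example.com",
          "port": "587", "sender": "noreply@example.com", "smtpuser": "relay-user",
          "smtppass": "Summer2024!", "weekly_report_day": "Tuesday,Mondy"}
```

Calling validate_config(SAMPLE) returns two problems: the literal password in smtppass and the unknown weekday.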