Authentication

Previous Next JavaScript must be enabled to correctly display this content

Authentication

Your users require credentials to authenticate themselves to Oracle Cloud. Users can generate and rotate their own credentials. In addition, a tenancy security administrator can reset the credentials for any user within a tenancy.

A user can have the following credentials:

A console password to sign in to the web console of Oracle Cloud Infrastructure.
API signing keys (in PEM format) for sending API requests.
Auth tokens to authenticate with third-party APIs.
For example, users need an auth token to authenticate a Swift client when using Recovery Manager (RMAN) to back up a DB system database to Oracle Cloud Infrastructure Object Storage.
Customer secret keys for using the Amazon S3 Compatibility API with the Oracle Cloud Infrastructure Object Storage.
SMTP credentials for using the Email Delivery service.

Use the following controls to securely set up and manage user accounts in your tenancy:

Done?	Security Controls and Recommendations
	Identify users who need access to Oracle Cloud Infrastructure.
	Use unique and complex passwords.
	Enforce password rotation and API key rotation every 90 days or less.
	Ensure that credentials are not hard-coded in any software or listed in any documentation.
	Do not share user accounts across multiple users.
	Implement mechanisms to disable tenancy access immediately when an employee leaves the organization.
	Periodically review membership of users in IAM groups, and remove users from groups that they don’t need access to anymore.
	Use tenancy administrator credentials only in emergencies, not for day-to-day work.
	Periodically review the audit logs for administrator activities.
	Use multifactor authentication (MFA).
	Monitor audit logs for accesses by the default tenancy administrator and changes to the administrator group to alert on any unauthorized actions.

Title and Copyright Information

Security checklist for Oracle Cloud Infrastructure

F33112-01

July 2020

Copyright © 2020, Oracle and/or its affiliates.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or “commercial computer software documentation” pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at https://docs.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit https://docs.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit https://docs.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.