About Oracle Identity Cloud Service
Oracle Identity Cloud Service provides identity management, single sign-on (SSO), and identity governance for applications on-premises, in the cloud, or for mobile devices. Employees and business partners can access applications at any time, from anywhere, and on any device in a secure manner.
Oracle Identity Cloud Service integrates directly with existing directories and identity management systems, and makes it easy for users to get access to applications. It provides the security platform for Oracle Cloud, which allows users to securely and easily access, develop, and deploy business applications such as Oracle Human Capital Management (HCM) and Oracle Sales Cloud, and platform services such as Oracle Java Cloud Service, Oracle Business Intelligence (BI) Cloud Service, and others.
Administrators and users can use Oracle Identity Cloud Service to help them effectively and securely create, manage, and use a cloud-based identity management environment without worrying about setting up any infrastructure or platform details.
Using Oracle Identity Cloud Service, you can:
- Manage your users, groups, and applications. Tailor the relationships that your users and groups have with your cloud-based Oracle applications and custom applications. See About Oracle Identity Cloud Service User Accounts and Groups and About Oracle Identity Cloud Service Applications and Application Roles.
- Manage jobs. Bulk load data from other repositories into Oracle Identity Cloud Service, view jobs and job details, and export job errors. See Managing Oracle Identity Cloud Service Jobs.
- Run reports. Run operational or historical reports that capture data about Oracle Identity Cloud Service. See Running Oracle Identity Cloud Service Reports.
- Manage default settings. Change the default and session settings for your identity domain. See Change Oracle Identity Cloud Service Default Settings.
- Manage user settings. Change settings for user accounts. See Manage User Settings in Oracle Identity Cloud Service.
- Manage certificates for your trusted partners. Oracle Identity Cloud Service uses trusted partner certificates that have Distinguished Encoding Rules (DER) file extensions. See Manage Oracle Identity Cloud Service Trusted Partner Certificates.
- Customize notifications. Create and send notifications to administrators and users using the supplied email templates. Tailor the recipients and content of these notifications to meet your business and security requirements. See Customize Oracle Identity Cloud Service Notifications.
- Manage password policies. Create and manage password policies for an identity domain and assign them to groups. A password policy is applicable to all users in the group it is associated with. For all new users, Oracle Identity Cloud Service validates their passwords against your password policy to verify that those passwords meet the criteria for the policy. Adjust the strength of your password policies as needed to reflect different priorities and ensure a strong, secure environment. See Managing Oracle Identity Cloud Service Password Policies.
- Customize the UI. In addition to notifications and password policies, you can customize the Sign In page and Identity Cloud Service console. See Customizing the Oracle Identity Cloud Service Interface.
- Manage Provisioning Bridges. If you use on-premises apps such as Oracle Internet Directory as authoritative sources for your company's users and groups, then the Provisioning Bridge provides a link between these apps and Oracle Identity Cloud Service. The Provisioning Bridge can leverage Identity Connector Framework (ICF) connectors to synchronize with the associated apps so that any new, updated, or deleted user or group records are transferred into Oracle Identity Cloud Service. The state of each record is synchronized between the apps and Oracle Identity Cloud Service. See Manage Provisioning Bridges for Oracle Identity Cloud Service.
- Manage Microsoft Active Directory (AD) Bridges. If you use Microsoft Active Directory as an authoritative source, then the bridge provides a link between your on-premises Microsoft Active Directory and Oracle Identity Cloud Service. Oracle Identity Cloud Service can synchronize with Microsoft Active Directory so that any new, updated, or deleted user or group records are transferred into Oracle Identity Cloud Service. The state of each record is synchronized between Microsoft Active Directory and Oracle Identity Cloud Service. See Manage Microsoft Active Directory (AD) Bridges for Oracle Identity Cloud Service.
- Manage session settings. Define session expiration, logout and logout redirect URLs, and configure Allow Cross-Origin Resource Sharing (CORS) to allow client applications that run on one domain to obtain data from another domain. See Managing Oracle Identity Cloud Service Session Settings.
- Manage self-registration profiles. Create self-registration profiles to manage different sets of users, approval policies, and applications in Oracle Identity Cloud Service. See Manage Self-Registration Profiles in Oracle Identity Cloud Service.
- Download software development kits (SDKs) and applications. Oracle Identity Cloud Service provides you with a centralized location in the Identity Cloud Service console where you can download SDKs and applications. See Download Oracle Identity Cloud Service SDKs and Applications.
- Customize schemas. Create, edit, and delete custom schema attributes. You may need to create a custom schema attribute, for example, when you are creating your own user interface and can't find a schema attribute that you need in the base Oracle Identity Cloud Service schema attributes. See Customize Schemas in Oracle Identity Cloud Service.
- Manage Adaptive Security. Manage default and custom risk providers that Oracle Identity Cloud Service uses to evaluate risk-based activity for Oracle Identity Cloud Service users, and generate a risk score for these users, based on this activity. This risk score is a number that varies from risk provider to risk provider, reflecting user threat. See Manage Adaptive Security in Oracle Identity Cloud Service.
- Manage identity providers. Add SAML 2.0 and social identity providers so that users can interact with Oracle Identity Cloud Service using websites that are external to Oracle Identity Cloud Service. See Manage Oracle Identity Cloud Service Identity Providers.
- Manage identity provider policies. Create identity provider policies to restrict which identity providers appear on the Sign In page when users are accessing particular apps. See Manage Oracle Identity Cloud Service Identity Provider Policies.
- Manage sign-on policies. Create sign-on policies to define criteria that Oracle Identity Cloud Service uses to allow or deny access to users for apps that are assigned to them. See Manage Oracle Identity Cloud Service Sign-On Policies.
- Manage network perimeters. Define network perimeters to restrict the IP addresses that users can use to log in to Oracle Identity Cloud Service. See Manage Oracle Identity Cloud Service Network Perimeters.
- Manage App Gateway. Use App Gateway to integrate web applications hosted either on a compute instance in a cloud infrastructure or on an on-premises server with Oracle Identity Cloud Service for authentication purposes.
- Manage account recovery. Configure account recovery in Oracle Identity Cloud Service to help users regain access to their accounts if they have trouble signing in, they’re locked out, or they forget their passwords. See Manage Account Recovery in Oracle Identity Cloud Service.
- Manage Multi-Factor Authentication settings. Change the security settings such as Multi-Factor Authentication (MFA) for your identity domain. See Managing Oracle Identity Cloud Service Multi-Factor Authentication Settings.
- Manage OAuth Settings. Configure OAuth settings for your environments. See Managing Oracle Identity Cloud Service OAuth Settings and Configuring Oracle Identity Cloud Service OAuth Settings.
- Manage delegated authentication. Use delegated authentication to enable users to use their Microsoft Active Directory passwords to sign in to Oracle Identity Cloud Service to access resources and applications protected by Oracle Identity Cloud Service. See Configure Delegated Authentication in Oracle Identity Cloud Service.
- Transfer configuration data. Import and export configurations, entities, and customizations as an integral part of migrating an Oracle Identity Cloud Service environment. See Transferring Oracle Identity Cloud Service Configurations.
- Manage account recovery. Configure account recovery in Oracle Identity Cloud Service. See Manage Account Recovery in Oracle Identity Cloud Service.
Standard License Tier Features for Oracle Identity Cloud Service
Learn more about License Tiers.
Most features are already enabled for Standard Tier License tenants. See About Oracle Identity Cloud Service Pricing Models. If you don’t see any of these features in Oracle Identity Cloud Service and want to use them, you must file a Service Request with My Oracle Support.
Category | Feature | Description |
---|---|---|
Application Gateway | App Gateway | Use App Gateway to integrate applications hosted either on a compute instance, in a cloud infrastructure, or in an on-premises server with Oracle Identity Cloud Service for authentication purposes. See Understand App Gateway. |
Applications | Authorization Policy for Enterprise Applications | Enterprise applications that are protected using App Gateway can now make use of authorization policies. Administrators can define, allow or deny authorization policies using authenticated IdP, group membership, network perimeter, day and time of day as authorization conditions. See Configure an Authorization Policy. |
Device Fingerprint | Device Fingerprint | User device attributes are processed and the fingerprint is stored in a browser cookie to uniquely identify a user's system. |
EBS Asserter | EBS Asserter | Use the Oracle Identity Cloud Service E-Business Suite Asserter component from Oracle Identity Cloud Service to integrate your Oracle E-Business Suite environment with other cloud and non-cloud services using Oracle Identity Cloud Service Single Sign-On (SSO). |
Identity Provisioning | Provisioning Bridge | The Provisioning Bridge provides synchronization of users and groups between your on-premises apps and Oracle Identity Cloud Service. Learn how you can create, manage, and remove Provisioning Bridges in Oracle Identity Cloud Service. See Understand the Provisioning Bridge and Why Use the Provisioning Bridge?. |
Identity Provisioning | Lifecycle Rules | Manage the complete user life cycle and automate the process of the joiner, mover and leaver. If there is any change in a User attribute, you can propagate that to the downstream application (for example, if a user gets disabled, then all accounts owned by this user would be disabled automatically). |
Security | IDP Discovery Rules | Identity Provider (IDP) Discovery enables you to organize the login page based on the username, for example, if you want corporate SSO login for some users and you want them to be logged in using social Identity Providers. Depending on the application being accessed and who is accessing it, you can completely customize the way users can log in. See: |
LDAP | LDAP2SCIM Proxy | The LDAP2SCIM proxy will allow application clients to integrate with Oracle Identity Cloud Service using the LDAP protocol. This is a beta-only feature currently available on an invitation basis. |
Passwordless Login | Tired of resetting passwords? Passwordless authentication is available. | Instead of passwords, proof of identity can be verified based on possession of something that uniquely identifies the user (for example, a one-time password (OTP), a registered mobile device, or a hardware token). Once enabled, users can access protected resources either by using a user name and password or passwordless authentication. Users use self-service to set up passwordless authentication. |
SAML | Just-In-Time (JIT) Provisioning | Using SAML, JIT provisioning automates user account creation for target service providers when the user first tries to perform SSO and the user does not exist. In addition to automatic user creation, JIT implementation allows granting and revoking group memberships as part of provisioning. JIT implementation also updates provisioned users so the users’ attributes in the Service Provider store can be kept in sync with the Identity Store user store attributes. See Understand SAML Just-In-Time Provisioning. SAML JIT Provisioning uses Oracle Identity Cloud Service REST APIs. See Create an Identity Provider. For more information about how to use SCIM APIs, see REST API for Oracle Identity Cloud Service. |
Security | AD Bridge High Availability | Set up High Availability and Load Sharing so that you don’t have a single point of failure for your AD Bridge architecture. See About Multiple AD Bridges for High Availability and Load Balancing. |
AD Bridge | AD Bridge – Sync Only | Synchronize users and groups from selected organizational units (OUs) in Microsoft Active Directory (AD) into Oracle Identity Cloud Service. You can perform either an incremental sync or a full sync. Learn about syncing new OUs and read some example use cases. See Understand Full and Incremental Sync. |
Security | Delegated Authentication | With delegated authentication, identity domain administrators and security administrators don’t have to synchronize user passwords between an on-premises Microsoft Active Directory (AD) enterprise directory structure and Oracle Identity Cloud Service. Users can use their AD passwords to sign in to Oracle Identity Cloud Service to access resources and applications protected by Oracle Identity Cloud Service. |
Security | Duo as an authentication factor. | Use Duo Security factors to securely authenticate and to sign in to apps secured by Oracle Identity Cloud Service. |
Security | X.509 Certificate Authentication for Identity Providers | Use an X.509 authenticated identity provider with certificate-based authentication to comply with Personal Identity Verification (PIV) card requirements. See Enable X.509 Certificate Authentication, Import a Trusted Partner Certificate, and Add an X.509 Authenticated Identity Provider. |
Security | Phone call as an authentication factor. | Use a phone call to securely authenticate and to sign in to apps secured by Oracle Identity Cloud Service. See Configure Multi-Factor Authentication Settings and Configure One-Time Passcode Text Messages. |
Security | FIDO Security | Use FIDO Authentication as an MFA Factor so that users use platform authentication, such as Windows Hello or Mac Touch ID, or cross-platform authentication, using devices such as YubiKeys. |
Security | Group-Based Password Policies | You can have multiple password policies in Oracle Identity Cloud Service and associate them with different groups and set the priorities. Group password policies allow you to define password policies and associated rules to enforce password settings on the group level. You can create multiple policies with more- or less-restrictive rules. |
Security | Network Perimeters | For security purposes, identity domain administrators, security administrators, and application administrators can define network perimeters in Oracle Identity Cloud Service. A network perimeter contains a list of IP addresses. |
Security | Secure Oracle Database with RADIUS Proxy | Enterprises can now secure their Oracle Database instances with two-factor authentication using RADIUS Proxy. Using RADIUS Proxy, Oracle Identity Cloud Service can: |
User Experience | Customize the sign in page by creating your own HTML code and translations. | Instead of using the default sign in page, administrators can create a Hosted Sign In page to change the look and feel of the sign-in experience. You create a Hosted Sign In page by adding a background image as well as designing custom HTML code and specifying translations (specifying translations is optional). |