Configure the Default Risk Provider

You can modify the risk provider that's associated with Oracle Identity Cloud Service actions. When this risk provider, known as the default risk provider, is activated, it evaluates the following events that constitute risk-based activity for Oracle Identity Cloud Service users:

  • Access from an unknown device: If a user accesses Oracle Identity Cloud Service from a device that hasn’t been previously used to access the service, then this event (commonly referred to as Device Fingerprinting) is triggered.

  • Too many unsuccessful login attempts: If the number of unsuccessful login attempts exceeds the value specified for the Account lock threshold attribute for the password policy, then this event is triggered.

    Note:

    See Modify the Custom Password Policy to learn how to set the maximum number of unsuccessful logins that the user can attempt in Oracle Identity Cloud Service before they're locked out of their account.
  • Too many unsuccessful MFA attempts: If the number of unsuccessful login attempts using the configured factors exceeds the value specified for the Max Unsuccessful MFA attempts attribute for MFA, then this event is triggered.

    Note:

    See Configure Multi-Factor Authentication Settings to learn how to set the maximum number of unsuccessful MFA logins that the user can attempt in Oracle Identity Cloud Service using their MFA factors before they’re locked out of their account.

Note:

If an event is disabled, then Oracle Identity Cloud Service won't use it to generate a risk score that can be used to evaluate risk-based activity for Oracle Identity Cloud Service users. Also, if the default risk provider is deactivated, then the user’s risk score won’t be increased.

Modifying the default risk provider includes:

  • Changing the description of the risk provider.

  • Setting the Low, Medium, and High risk range for this risk provider.

  • Enabling or disabling the individual events for contextual and threat analytics.

  • Setting a value (weighting) for each event that corresponds to the risk range for this risk provider. For example, suppose you set the Low risk range for the risk provider to be from 0-10, the Medium risk range to be from 11-80, and the High risk range to be from 81-100. If you set the weighting of the Access from an unknown device event to 20, and a low-risk user accesses Oracle Identity Cloud Service with a device that hasn't been used before and that Oracle Identity Cloud Service doesn't recognize, then the user's risk range will change to Medium.
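
The risk ranges and weighting described above can be checked offline before you change the provider. This is an added example, not Oracle code or an Oracle Identity Cloud Service API: it assumes that each enabled, triggered event adds its weighting to the user's current score (capped at 100), and every weighting other than 20 is constructed.

```python
from dataclasses import dataclass

# Risk ranges from the page's example: Low 0-10, Medium 11-80, High 81-100.
RANGES = {"Low": (0, 10), "Medium": (11, 80), "High": (81, 100)}

@dataclass
class Event:
    name: str
    weight: int          # numeric weighting on the provider's 0-100 scale
    enabled: bool = True

# Constructed sample: only the weighting of 20 comes from the page.
EVENTS = [
    Event("Access from an unknown device", 20),
    Event("Too many unsuccessful login attempts", 40),
    Event("Too many unsuccessful MFA attempts", 70, enabled=False),
]

def validate_ranges(ranges, lo=0, hi=100):
    """Report inverted bands, gaps, overlaps, and uncovered scores in lo..hi."""
    problems, expected = [], lo
    for name, (start, end) in sorted(ranges.items(), key=lambda kv: kv[1][0]):
        if start > end:
            problems.append(f"{name}: start {start} > end {end}")
        if start > expected:
            problems.append(f"gap before {name}: {expected}-{start - 1}")
        elif start < expected:
            problems.append(f"{name} overlaps the previous band at {start}")
        expected = max(expected, end + 1)
    if expected <= hi:
        problems.append(f"scores {expected}-{hi} not covered")
    return problems

def risk_level(score, ranges=RANGES):
    for name, (start, end) in ranges.items():
        if start <= score <= end:
            return name
    raise ValueError(f"score {score} falls outside every range")

def score_after(base, triggered, events=EVENTS, provider_active=True, cap=100):
    """Assumed model: each enabled, triggered event adds its weighting."""
    if not provider_active:
        return base      # deactivated provider: the score is not increased
    by_name = {e.name: e for e in events}
    added = sum(by_name[n].weight for n in triggered if by_name[n].enabled)
    return min(base + added, cap)

if __name__ == "__main__":
    assert validate_ranges(RANGES) == []
    after = score_after(5, ["Access from an unknown device"])
    print(after, risk_level(after))
```

A disabled event or a deactivated provider leaves the score unchanged in this model, which matches the note earlier on this page.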

To modify the default risk provider:

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Adaptive Security.

  2. In the Adaptive Security page, click the Action menu to the right of the default risk provider.

  3. Select Edit. The risk provider opens and displays three panes: Details, Risk Range, and Events. See Add a Third-Party Risk Provider for more information about the Details and Risk Range panes.

  4. Change the values that you want to modify in the Details and Risk Range panes.

  5. In the Events pane:

    1. Select or deselect a check box to enable or disable the event. By doing so, you're specifying whether Oracle Identity Cloud Service will use this event to generate a risk score that can be used to evaluate risk-based activity for Oracle Identity Cloud Service users.

      Note:

      If you disable all events for the default risk provider, then you can't save it.
    2. Use the slider to set the weighting for each event to Low, Moderate, Severe, or Critical.

  6. Click Save.

  7. In the Confirmation window, click Yes.