Skip to Main Content

Identity & Platform

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Security Policy for OCI Console Sign-On Policy

Jim DicksonDec 25 2024 — edited Dec 26 2024

I have received email on this subject (see below) and have no idea if I need to do anything

I have 3 domains. Not 100% sure what I am looking for but here are some screenshots.

Could do with some advice - what to check, how to determine whether I need to take action.

Only this domain = Default offers Restore Defaults button - but not sure if this implies there are non-default options active/enabled.

Email body :

Oracle Cloud Infrastructure Identity and Access Management - Second Reminder: Review Changes to the Security Policy for OCI Console Sign-On Policy

Oracle Cloud Infrastructure Customer,

Earlier this year, Oracle enabled MFA across all tenancies via the "Security Policy for OCI Console sign on policy". Use these instructions only if any of your tenant administrators or domain administrators have modified the "Security Policy for OCI Console" sign-on policy. If you haven't made any changes to this sign-on policy, then this email does not apply to you.

If the "Security Policy for OCI Console" sign-on policy has deviated from the Oracle security defaults, you must provide explicit consent to either retain the current state of the sign-on policy or restore it to the Oracle security defaults. To review the sign-on policy, sign in to the Console as a tenancy administrator or domain administrator. Once signed in, the "Review sign-on policy changes" page will be displayed, if the sign-on policy has been modified, where you can make one of the following choices and then save the change:

Keep changes: Select this option if the sign-on policy changes meet your custom requirements and you want to keep your policy as is. By accepting consent, you acknowledge the risks of deviating from Oracle's security defaults. We will record your consent and notify the domain administrators via email.

Restore to default policy: Select this option to revert to the Oracle security defaults. By accepting consent, you agree to restore all elements of the "Security Policy for OCI Console" sign-on policy, including phishing-resistant factors, to the Oracle security defaults. Restoration consent is recorded, and email notifications are sent to the domain administrators of the respective domain.

Note: Oracle sends three email reminders to all tenancy administrators, reminding them to review the "Security Policy for OCI Console" sign-on policy for each of their domains and to either keep any customizations to the policy or restore the policy to the Oracle security defaults. After three email reminders, at least one administrator must provide consent before you can continue working in the Console.

For more information about making changes to the OCI default security posture, see Changing and Restoring a Domain's Default Security Posture Using the Required Consents.

We highly recommend that you use phishing-resistant MFA for all users.

Service(s)
Oracle Cloud Infrastructure Identity and Access Management

Comments
Post Details
Added on Dec 25 2024
2 comments
407 views