Identity and Access Management
56 Release Notes
New Sign-On Policy: 'User Category-Based Sign-On Policy' (Reserved for OCI Internal Applications)
The Identity Service has seeded a new sign-on policy titled 'User Category-Based Sign-On Policy,' specifically aimed at strengthening the ...
Digitalid application roles (Reserved for Oracle) 🔗
The DigitalidAdmin, DigitalidIssuer, DigitalidVerifier, and DigitalidWallet application roles are reserved by Oracle and can't be used to manage Identity ...
Changing or restoring Oracle security defaults now requires consent 🔗
Changing or restoring the Oracle security defaults for the "Security Policy for OCI Console" sign-on policy now requires explicit consent.
SMS Text Message Template Customization Deprecated 🔗
Customize SMS Text Message template has been deprecated. SMS text message for one-time passcode (OTP) will be in the ...
OCI Console Supports High Availability 🔗
OCI IAM supports replicating identity domains to several subscribed regions. New sign-in feature improves availability of OCI ...
Implicit JIT User Provisioning with Static Group Mapping 🔗
Use the API to enable first-time users to sign in to an OCI identity domain with their social identity ...
Identity Domains API Supports Custom Parameters for Social Identity Providers 🔗
The /SocialIdentityProviders endpoint now supports a multi-valued custom parameter for Social Identity Provider configurations.
See Endpoint details. ...
Change Email From Field before Saving Notifications Template 🔗
Before you can save a Notifications template, you must change the Sender field.
For more information, see Modifying Notification ...
Change to IAM Identity Domains Password Policy Validation 🔗
User password changes for resetting a known password or resetting a forgotten password are now validated after the user enters ...
New Services available in US Government Cloud with FedRAMP Authorization 🔗
The following services are now available in the US Government Cloud with FedRAMP Authorization:
- Big Data Service ...
Reduce the number of sign-in prompts by using Keep me signed in 🔗
Administrators can now turn on Keep me signed in to reduce the number of sign-in prompts for users. After enabling ...
Oracle Enterprise Linux 8 is certified for the Linux Pluggable Authentication Module (PAM) 🔗
We now support Oracle Enterprise Linux 8 for the Linux Pluggable Authentication Module (PAM).
New tutorials illustrating SSO and identity lifecycle management 🔗
There are two new IAM tutorials which illustrate, using OCI IAM and Microsoft Azure AD, how to configure SSO and ...
Diagnostic data reports are now available 🔗
You can now use diagnostic data reports to capture logging data for an IAM identity domain. See Diagnostic Data Report ...
Upgrade Path for High Availability App Gateway Deployments 🔗
Cloud Gate has updated its Block Cipher mode of operation which changes how data is encrypted. If you are using ...
IAM Database Passwords Without Identity Domains 🔗
IAM database passwords and tokens centralize Autonomous Database user account management in IAM. They improve security and greatly minimize the ...
IAM now includes identity domains 🔗
The IAM service now supports identity domains for new tenancies. Identity domains are used to manage users and groups, integration ...
Network sources now support all services 🔗
All services now support using network sources in policy to restrict access to their resources. A network source lets you ...
Time-based access control for IAM policies 🔗
You can use time-based variables in your policies to restrict the access to resources granted in the policy to only ...
Per-image permissions for custom images 🔗
You can now write IAM policy that restricts the ability for users to create instances from custom images on an ...
Generate API signing keys in the Console 🔗
You can now generate the API signing keys in the Console, from your user profile. Also, after you add an ...
Compartment Explorer renamed to "Tenancy Explorer" 🔗
The compartment explorer is now called the "tenancy explorer." There are no changes to the functionality of this feature. To ...
Track a user's last sign in 🔗
The Users list page now includes a Last Sign In field that displays the last date and time a user ...
Network source restrictions for signing in to the Console 🔗
The IAM service now supports setting a network source restriction for signing in to the Console. A network source lets ...
Tag-based access control 🔗
Using conditions and a set of tag variables, you can write policy to scope access based on the tags that ...
Restrict access to Object Storage resources to requests from specific IP addresses 🔗
You can now use network sources (a new resource type in IAM) to restrict access to Object Storage to only ...
Enhancements to the compartment explorer 🔗
Previously, the compartment explorer allowed you to view all resources in a selected compartment. The enhancement added today allows you ...
Recover deleted compartments 🔗
You can now recover a deleted compartment. For more information, see Managing Compartments.
Required tag values for tag defaults 🔗
You can create tag defaults that require users creating resources to enter the values for tags. For more information, see ...
New tag value type for defined tags 🔗
You can create a list of values for defined tags. When the user applies the tag, they must select a ...
View all resources in a compartment with the compartment explorer 🔗
You can now get a cross-region view of all resources in a single compartment using the new compartment explorer. See ...
New procedures for managing service roles for Oracle Identity Cloud Service users and groups 🔗
You can now manage service roles for your Oracle Identity Cloud Service federated users directly in the Console. For the ...
Move a compartment to a different parent compartment 🔗
Use variables in tag values 🔗
You can now use variables in tag values. For more information, see Using Tag Variables.
Tag and tag namespace delete 🔗
You can now delete tags and tag namespaces. See Deleting Tag Key Definitions and Namespace for information and limitations.
Support for federation with Microsoft Azure Active Directory 🔗
The IAM service now supports Microsoft Azure AD as an identity provider. You can set up Oracle Cloud Infrastructure as ...
Support for assertion encryption by an identity provider 🔗
The Oracle Cloud Infrastructure IAM service now supports assertion encryption by an identity provider. If your tenancy is federated with Microsoft ...
Customize password policy rules 🔗
You can now customize the password policy rules for Oracle Cloud Infrastructure local users. When a user is created or ...
Move tag namespaces to a different compartment 🔗
You can now move a tag namespace from the compartment it is in to a different compartment. The tag namespace ...
Self-service password recovery 🔗
Oracle Cloud Infrastructure local users can now add an email address to their user profile. This email address can be ...
Automatically apply tags at resource creation 🔗
Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a ...
Support for multi-factor authentication 🔗
Manage Oracle Identity Cloud Service Users and Groups in the Console 🔗
Oracle Cloud Infrastructure now provides an integration with Oracle Identity Cloud Service that lets you perform basic user and group ...
SDK and CLI support for Okta federated users 🔗
Users who are federated with Okta can now directly access the Oracle Cloud Infrastructure SDK and CLI, and other services ...
Support for compartment hierarchies 🔗
You can now create subcompartments inside of compartments to create hierarchies up to six levels deep. For more information, see ...
Compartment delete 🔗
You can now delete compartments. See Deleting Compartments for information and limitations.
Cost-tracking tags 🔗
Cost-tracking tags are displayed in your online billing statement and allow you to filter and subtotal your costs for resources ...
Compartment list in the Console shows only the compartments the user can access 🔗
The compartment list in the Console now displays only the compartments that a user is authorized to access. See Understanding ...
Use tags to define members of dynamic groups 🔗
You can now group instances in dynamic groups based on tags. For more information, see Managing Dynamic Groups. ...
Swift passwords are now called "auth tokens" 🔗
Previously, the credential generated by Oracle for you to use to sign in to a Swift client was called a ...
Tags for the tenancy 🔗
You can now apply tags to your tenancy using the Console or the API. See Managing the Tenancy. ...
Instance principals 🔗
Instances are a new principal type in IAM. You can now apply policy to groups of instances just as you ...
Federation with Oracle Identity Cloud Service Federated Users 🔗
All new tenancies are federated with Oracle Identity Cloud Service. For more information, see
Apply tags to your resources 🔗
Tagging allows you to organize, manage, and control your cloud resources with an organizational scheme you define. See Overview of ...
Rename compartments 🔗
You can now rename compartments that you create.
Federation with Microsoft Active Directory 🔗
You can federate with Microsoft Active Directory to enable your users to sign in to Oracle Cloud Infrastructure using their ...