create
¶
Description¶
Validate Self Service Enrollment using the Requested MFA Factor
The top level –endpoint parameter must be supplied for this operation.
Required Parameters¶
-
--auth-factor
[text]
¶
Authentication Factor which is being validated
SCIM++ Properties: - type: string - multiValued: false - required: true - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
Accepted values are:
BYPASSCODE, EMAIL, FIDO_AUTHENTICATOR, KMSI_TOKEN, PHONE_CALL, PUSH, SECURITY_QUESTIONS, SMS, THIRDPARTY, TOTP, TRUST_TOKEN, USERNAME_PASSWORD, VOICE, YUBICO_OTP
-
--scenario
[text]
¶
Specifies whether the service is being used to enroll or validate a factor
SCIM++ Properties: - type: string - multiValued: false - required: true - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
Accepted values are:
AUTHENTICATION, ENROLLMENT
-
--schemas
[complex type]
¶
REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard “enterprise” extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: true - mutability: readWrite - required: true - returned: default - type: string - uniqueness: none This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
Optional Parameters¶
-
--additional-attributes
[complex type]
¶
Additional attributes which will be sent as part of a push notification
SCIM++ Properties: - idcsSearchable: false - multiValued: true - mutability: readWrite - required: false - returned: default - type: complex - uniqueness: none
This option is a JSON list with items of type MyAuthenticationFactorValidatorAdditionalAttributes. For documentation on MyAuthenticationFactorValidatorAdditionalAttributes please see our API reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/datatypes/MyAuthenticationFactorValidatorAdditionalAttributes. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
-
--compartment-ocid
[text]
¶
OCI Compartment Id (ocid) in which the resource lives.
SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: default - type: string - uniqueness: none
-
--create-kmsi-token
[boolean]
¶
Indicates to create kmsi token.
SCIM++ Properties: - type: boolean - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--create-trusted-agent
[boolean]
¶
Indicates to create trust token.
SCIM++ Properties: - type: boolean - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--delete-in-progress
[boolean]
¶
A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
SCIM++ Properties: - caseExact: false - idcsSearchable: true - multiValued: false - mutability: readOnly - required: false - returned: default - type: boolean - uniqueness: none
-
--device-id
[text]
¶
Device id whose factor is being validated
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
-
--display-name
[text]
¶
Display name of the verified device
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
-
--domain-ocid
[text]
¶
OCI Domain Id (ocid) in which the resource lives.
SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: default - type: string - uniqueness: none
-
--from-json
[text]
¶
Provide input to this command as a JSON document from a file using the file://path-to/file syntax.
The --generate-full-command-json-input
option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.
Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.
For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions
-
--id
[text]
¶
Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider’s entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
SCIM++ Properties: - caseExact: false - idcsSearchable: true - multiValued: false - mutability: readOnly - required: false - returned: always - type: string - uniqueness: global
-
--idcs-created-by
[complex type]
¶
This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--idcs-last-modified-by
[complex type]
¶
This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--idcs-last-upgraded-in-release
[text]
¶
The release number when the resource was upgraded.
SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: request - type: string - uniqueness: none
-
--idcs-prevented-operations
[text]
¶
Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
SCIM++ Properties: - idcsSearchable: false - multiValued: true - mutability: readOnly - required: false - returned: request - type: string - uniqueness: none
Accepted values are:
delete, replace, update
-
--is-acc-rec-enabled
[boolean]
¶
Flag indicates whether the factor is enrolled in account recovery. If the value is not provided or false, then it will be treated as MFA factor validation.
SCIM++ Properties: - caseExact: true - idcsSearchable: true - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none
-
--kmsi-token-id
[text]
¶
KMSI token resource identifier.
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--location
[text]
¶
Location of the trusted client.
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--message
[text]
¶
Validator message which is passed by the client. When it is a PUSH notification, it can be a rejection message.
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
-
--meta
[complex type]
¶
This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--name
[text]
¶
Name of the client to be trusted
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--ocid
[text]
¶
Unique OCI identifier for the SCIM Resource.
SCIM++ Properties: - caseExact: true - idcsSearchable: true - multiValued: false - mutability: immutable - required: false - returned: default - type: string - uniqueness: global
-
--otp-code
[text]
¶
The One Time Passcode which needs to be validated
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: never - uniqueness: none - idcsSensitive: encrypt - idcsSearchable: false
-
--platform
[text]
¶
Platform of the client to be trusted
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--policy-enabled-second-factors
[complex type]
¶
Sign-On Policy dictated allowed second factors.
SCIM++ Properties: - type: string - multiValued: true - required: false - mutability: writeOnly - returned: never - uniqueness: none This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--policy-trusted-frequency-mins
[integer]
¶
Sign-On Policy dictated validity duration for trusted client in Minutes.
SCIM++ Properties: - type: integer - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--preference-type
[text]
¶
Indicates whether to user passwordless factor to be updated or mfa factor to be updated
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
Accepted values are:
MFA, PASSWORDLESS
-
--request-id
[text]
¶
Request ID which is being validated
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
-
--resource-type-schema-version
[text]
¶
An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
-
--security-questions
[complex type]
¶
List of security questions the user has submitted to get authenticated.
SCIM++ Properties: - type: complex - multiValued: true - required: false - mutability: writeOnly - returned: never - uniqueness: none - idcsSearchable: false
This option is a JSON list with items of type MyAuthenticationFactorValidatorSecurityQuestions. For documentation on MyAuthenticationFactorValidatorSecurityQuestions please see our API reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/datatypes/MyAuthenticationFactorValidatorSecurityQuestions. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--status
[text]
¶
Validation status returned in the response
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readOnly - returned: default - uniqueness: none - idcsSearchable: false
Accepted values are:
FAILURE, SUCCESS
A list of tags on this resource.
SCIM++ Properties: - idcsCompositeKey: [key, value] - idcsSearchable: true - multiValued: true - mutability: readWrite - required: false - returned: request - type: complex - uniqueness: none
This option is a JSON list with items of type Tags. For documentation on tags please see our API reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/datatypes/Tags. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--tenancy-ocid
[text]
¶
OCI Tenant Id (ocid) in which the resource lives.
SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: default - type: string - uniqueness: none
-
--third-party-factor
[complex type]
¶
This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
The --generate-param-json-input
option can be used to generate an example of the JSON which must be provided. We recommend storing this example
in a file, modifying it as needed and then passing it back in via the file:// syntax.
-
--trusted-token-id
[text]
¶
Trusted token resource identifier.
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--type
[text]
¶
type indicating whether the flow is OIDC, SAML etc.,
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: writeOnly - returned: default - uniqueness: none
Accepted values are:
OIDC, SAML
-
--update-user-preference
[boolean]
¶
Indicates whether to update user preferred mfa factor or not
SCIM++ Properties: - type: boolean - multiValued: false - required: false - mutability: writeOnly - returned: never - uniqueness: none
-
--user-id
[text]
¶
User guid for whom the validation has initiated. Optional.
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false
-
--user-name
[text]
¶
User name for whom the validation has initiated
SCIM++ Properties: - type: string - multiValued: false - required: false - mutability: readWrite - returned: default - uniqueness: none - idcsSearchable: false - idcsPii: true
Global Parameters¶
Use oci --help
for help on global parameters.
--auth-purpose
, --auth
, --cert-bundle
, --cli-auto-prompt
, --cli-rc-file
, --config-file
, --connection-timeout
, --debug
, --defaults-file
, --endpoint
, --generate-full-command-json-input
, --generate-param-json-input
, --help
, --latest-version
, --max-retries
, --no-retry
, --opc-client-request-id
, --opc-request-id
, --output
, --profile
, --proxy
, --query
, --raw-output
, --read-timeout
, --realm-specific-endpoint
, --region
, --release-info
, --request-id
, --version
, -?
, -d
, -h
, -i
, -v
Example using required parameter¶
Copy and paste the following example into a JSON file, replacing the example parameters with your own.
oci identity-domains my-authentication-factor-validator create --generate-param-json-input schemas > schemas.json
Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.
Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration and appropriate security policies before trying the examples.
export auth_factor=<substitute-value-of-auth_factor> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/identity-domains/my-authentication-factor-validator/create.html#cmdoption-auth-factor
export scenario=<substitute-value-of-scenario> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/identity-domains/my-authentication-factor-validator/create.html#cmdoption-scenario
oci identity-domains my-authentication-factor-validator create --auth-factor $auth_factor --scenario $scenario --schemas file://schemas.json