This data source provides the list of Authentication Factor Settings in Oracle Cloud Infrastructure Identity Domains service.
Search Authentication Factor Settings
data "oci_identity_domains_authentication_factor_settings" "test_authentication_factor_settings" {
  #Required
  idcs_endpoint = data.oci_identity_domain.test_domain.url

  #Optional
  attribute_sets               = []
  attributes                   = ""
  authorization                = var.authentication_factor_setting_authorization
  resource_type_schema_version = var.authentication_factor_setting_resource_type_schema_version
}
The following arguments are supported:
attribute_sets
- (Optional) A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If 'attributes' query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
attributes
- (Optional) A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
authorization
- (Optional) The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
idcs_endpoint
- (Required) The basic endpoint for the identity domain.
resource_type_schema_version
- (Optional) An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number in between. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
The following attributes are exported:
authentication_factor_settings
- The list of authentication_factor_settings.
The following attributes are exported:
auto_enroll_email_factor_disabled
- If true, indicates that email will not be enrolled as an MFA factor automatically if it is an account recovery factor
Added In: 2011192329
SCIM++ Properties:
bypass_code_enabled
- If true, indicates that Bypass Code is enabled for authentication
SCIM++ Properties:
bypass_code_settings
- Settings related to the bypass code, such as bypass code length, bypass code expiry, max active bypass codes, and so on
SCIM++ Properties:
help_desk_code_expiry_in_mins
- Expiry (in minutes) of any bypass code that is generated by the help desk
SCIM++ Properties:
help_desk_generation_enabled
- If true, indicates that help desk bypass code generation is enabled
SCIM++ Properties:
help_desk_max_usage
- The maximum number of times that any bypass code that is generated by the help desk can be used
SCIM++ Properties:
length
- Exact length of the bypass code to be generated
SCIM++ Properties:
max_active
- The maximum number of bypass codes that can be issued to any user
SCIM++ Properties:
self_service_generation_enabled
- If true, indicates that self-service bypass code generation is enabled
SCIM++ Properties:
client_app_settings
- Settings related to compliance, Personal Identification Number (PIN) policy, and so on
SCIM++ Properties:
device_protection_policy
- Indicates which protection policy the system applies on a device. By default, the value is NONE, which indicates that the system applies no protection policy. A value of APP_PIN indicates that the system requires a Personal Identification Number (PIN). A value of DEVICE_BIOMETRIC_OR_APP_PIN indicates that either a PIN or a biometric authentication factor is required.
SCIM++ Properties:
initial_lockout_period_in_secs
- The period of time in seconds that the system will lock a user out of the service after that user exceeds the maximum number of login failures
SCIM++ Properties:
key_pair_length
- The size of the key that the system uses to generate the public-private key pair
SCIM++ Properties:
lockout_escalation_pattern
- The pattern of escalation that the system follows, in locking a particular user out of the service.
SCIM++ Properties:
max_failures_before_lockout
- The maximum number of times that a particular user can fail to login before the system locks that user out of the service
SCIM++ Properties:
max_failures_before_warning
- The maximum number of login failures that the system will allow before raising a warning and sending an alert via email
SCIM++ Properties:
max_lockout_interval_in_secs
- The maximum period of time that the system will lock a particular user out of the service regardless of what the configured pattern of escalation would otherwise dictate
SCIM++ Properties:
min_pin_length
- Minimum length of the Personal Identification Number (PIN)
SCIM++ Properties:
policy_update_freq_in_days
- The period of time in days after which a client should refresh its policy by re-reading that policy from the server
SCIM++ Properties:
request_signing_algo
- Indicates which algorithm the system will use to sign requests
SCIM++ Properties:
shared_secret_encoding
- Indicates the type of encoding that the system should use to generate a shared secret
SCIM++ Properties:
unlock_app_for_each_request_enabled
- If true, indicates that the system should require the user to unlock the client app for each request. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
SCIM++ Properties:
unlock_app_interval_in_secs
- Specifies the period of time in seconds after which the client App should require the user to unlock the App. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor. A value of zero means that it is disabled.
SCIM++ Properties:
unlock_on_app_foreground_enabled
- If true, indicates that the system should require the user to unlock the client App, when the client App comes to the foreground in the display of the device. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
SCIM++ Properties:
unlock_on_app_start_enabled
- If true, indicates that the system should require the user to unlock the client App whenever the App is started. In order to unlock the App, the user must supply a Personal Identification Number (PIN) or a biometric authentication-factor.
SCIM++ Properties:
compartment_ocid
- Oracle Cloud Infrastructure Compartment Id (ocid) in which the resource lives.
SCIM++ Properties:
compliance_policy
- Compliance Policy that defines actions to be taken when a condition is violated
SCIM++ Properties:
action
- The action to be taken if the value of the attribute is not as expected
SCIM++ Properties:
name
- The name of the attribute being evaluated
SCIM++ Properties:
value
- The value of the attribute to be evaluated
SCIM++ Properties:
delete_in_progress
- A boolean flag indicating that this resource is in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
SCIM++ Properties:
domain_ocid
- Oracle Cloud Infrastructure Domain Id (ocid) in which the resource lives.
SCIM++ Properties:
email_enabled
- If true, indicates that the EMAIL channel is enabled for authentication
Added In: 18.1.2
SCIM++ Properties:
email_settings
- Settings related to Email Factor, such as enabled email magic link factor, custom url for Email Link
Added In: 20.1.3
SCIM++ Properties:
email_link_custom_url
- Custom redirect Url which will be used in email link
Added In: 20.1.3
SCIM++ Properties:
email_link_enabled
- Specifies whether Email link is enabled or not.
Added In: 20.1.3
SCIM++ Properties:
endpoint_restrictions
- Settings that describe the set of restrictions that the system should apply to devices and trusted endpoints of a user
SCIM++ Properties:
max_endpoint_trust_duration_in_days
- Maximum number of days until an endpoint can be trusted
SCIM++ Properties:
max_enrolled_devices
- Maximum number of enrolled devices per user
SCIM++ Properties:
max_incorrect_attempts
- An integer that represents the maximum number of failed MFA logins before an account is locked
SCIM++ Properties:
max_trusted_endpoints
- Max number of trusted endpoints per user
SCIM++ Properties:
trusted_endpoints_enabled
- Specify if trusted endpoints are enabled
SCIM++ Properties:
fido_authenticator_enabled
- If true, indicates that the Fido Authenticator channels are enabled for authentication
Added In: 2009232244
SCIM++ Properties:
hide_backup_factor_enabled
- If true, indicates that 'Show backup factor(s)' button will be hidden during authentication
Added In: 19.3.3
SCIM++ Properties:
id
- Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
SCIM++ Properties:
idcs_created_by
- The User or App who created the Resource
SCIM++ Properties:
display
- The displayName of the User or App who created this Resource
SCIM++ Properties:
ocid
- The OCID of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
ref
- The URI of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
type
- The type of resource, User or App, that created this Resource
SCIM++ Properties:
value
- The ID of the SCIM resource that represents the User or App who created this Resource
SCIM++ Properties:
idcs_last_modified_by
- The User or App who modified the Resource
SCIM++ Properties:
display
- The displayName of the User or App who modified this Resource
SCIM++ Properties:
ocid
- The OCID of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
ref
- The URI of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
type
- The type of resource, User or App, that modified this Resource
SCIM++ Properties:
value
- The ID of the SCIM resource that represents the User or App who modified this Resource
SCIM++ Properties:
idcs_last_upgraded_in_release
- The release number when the resource was upgraded.
SCIM++ Properties:
idcs_prevented_operations
- Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
SCIM++ Properties:
identity_store_settings
- Settings related to the use of a user's profile details from the identity store
SCIM++ Properties:
mobile_number_enabled
- If true, indicates that Multi-Factor Authentication should use the mobile number in the identity store
SCIM++ Properties:
mobile_number_update_enabled
- If true, indicates that the user can update the mobile number in the user's Multi-Factor Authentication profile
SCIM++ Properties:
meta
- A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
SCIM++ Properties:
created
- The DateTime the Resource was added to the Service Provider
SCIM++ Properties:
last_modified
- The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
SCIM++ Properties:
location
- The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
SCIM++ Properties:
resource_type
- Name of the resource type of the resource--for example, Users or Groups
SCIM++ Properties:
version
- The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
SCIM++ Properties:
mfa_enabled_category
- Specifies the category of people for whom Multi-Factor Authentication is enabled. This is a readOnly attribute which reflects the value of mfaEnabledCategory attribute in SsoSettings
Deprecated Since: 18.1.2
SCIM++ Properties:
mfa_enrollment_type
- Specifies if Multi-Factor Authentication enrollment is mandatory or optional for a user
Deprecated Since: 18.1.2
SCIM++ Properties:
notification_settings
- Settings related to the Mobile App Notification channel, such as pull
Added In: 17.4.2
SCIM++ Properties:
pull_enabled
- If true, indicates that the Mobile App Pull Notification channel is enabled for authentication
Added In: 17.4.2
SCIM++ Properties:
ocid
- Unique Oracle Cloud Infrastructure identifier for the SCIM Resource.
SCIM++ Properties:
phone_call_enabled
- If true, indicates that the phone (PHONE_CALL) channel is enabled for authentication
Added In: 20.1.3
SCIM++ Properties:
push_enabled
- If true, indicates that the Mobile App Push Notification channel is enabled for authentication
SCIM++ Properties:
schemas
- REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well as any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard "enterprise" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
SCIM++ Properties:
security_questions_enabled
- If true, indicates that Security Questions are enabled for authentication
SCIM++ Properties:
sms_enabled
- If true, indicates that the Short Message Service (SMS) channel is enabled for authentication
SCIM++ Properties:
tags
- A list of tags on this resource.
SCIM++ Properties:
key
- Key or name of the tag.
SCIM++ Properties:
value
- Value of the tag.
SCIM++ Properties:
tenancy_ocid
- Oracle Cloud Infrastructure Tenant Id (ocid) in which the resource lives.
SCIM++ Properties:
third_party_factor
- Settings related to third-party factor
Added In: 19.2.1
SCIM++ Properties:
duo_security
- To enable Duo Security factor
Added In: 19.2.1
SCIM++ Properties:
totp_enabled
- If true, indicates that the Mobile App One Time Passcode channel is enabled for authentication
SCIM++ Properties:
totp_settings
- Settings related to Time-Based One-Time Passcodes (TOTP), such as hashing algo, totp time step, passcode length, and so on
SCIM++ Properties:
email_otp_validity_duration_in_mins
- The period of time (in minutes) for which a one-time passcode that the system sends by email remains valid.
Added In: 18.1.2
SCIM++ Properties:
email_passcode_length
- Exact length of the email one-time passcode.
Added In: 18.1.2
SCIM++ Properties:
hashing_algorithm
- The hashing algorithm to be used to calculate a One-Time Passcode. By default, the system uses SHA1.
SCIM++ Properties:
jwt_validity_duration_in_secs
- The period of time (in seconds) that a JSON Web Token (JWT) is valid
SCIM++ Properties:
key_refresh_interval_in_days
- The duration of time (in days) after which the shared secret has to be refreshed
SCIM++ Properties:
passcode_length
- Exact length of the One-Time Passcode that the system should generate
SCIM++ Properties:
sms_otp_validity_duration_in_mins
- The period of time (in minutes) for which a One-Time Passcode that the system sends by Short Message Service (SMS) or by voice remains valid
SCIM++ Properties:
sms_passcode_length
- Exact length of the Short Message Service (SMS) One-Time Passcode
SCIM++ Properties:
time_step_in_secs
- Time (in secs) to be used as the time step
SCIM++ Properties:
time_step_tolerance
- The tolerance/step-size that the system should use when validating a One-Time Passcode
SCIM++ Properties:
urnietfparamsscimschemasoracleidcsextensionfido_authentication_factor_settings
- This extension defines attributes used to manage Multi-Factor Authentication settings of fido authentication
attestation
- Attribute used to define the type of attestation required.
Added In: 2009232244
SCIM++ Properties:
authenticator_selection_attachment
- Attribute used to define authenticator selection attachment.
Added In: 2009232244
SCIM++ Properties:
authenticator_selection_require_resident_key
- Flag used to indicate authenticator selection is required or not
Added In: 2009232244
SCIM++ Properties:
authenticator_selection_resident_key
- Attribute used to define authenticator selection resident key requirement.
Added In: 2009232244
SCIM++ Properties:
authenticator_selection_user_verification
- Attribute used to define authenticator selection verification.
Added In: 2009232244
SCIM++ Properties:
domain_validation_level
- Number of domain levels Oracle Identity Cloud Service should use for origin comparison
Added In: 2109020413
SCIM++ Properties:
exclude_credentials
- Flag used to indicate whether we need to restrict creation of multiple credentials in same authenticator
Added In: 2009232244
SCIM++ Properties:
public_key_types
- List of server supported public key algorithms
Added In: 2009232244
SCIM++ Properties:
timeout
- Timeout for the fido authentication to complete
Added In: 2009232244
SCIM++ Properties:
urnietfparamsscimschemasoracleidcsextensionthird_party_authentication_factor_settings
- This extension defines attributes used to manage Multi-Factor Authentication settings of third party provider
duo_security_settings
- Settings related to Duo Security
Added In: 19.2.1
SCIM++ Properties:
api_hostname
- Hostname to access the Duo security account
Added In: 19.2.1
SCIM++ Properties:
attestation_key
- Attestation key to attest the request and response between Duo Security
Added In: 19.2.1
SCIM++ Properties:
integration_key
- Integration key from Duo Security authenticator
Added In: 19.2.1
SCIM++ Properties:
secret_key
- Secret key from Duo Security authenticator
Added In: 19.2.1
SCIM++ Properties:
user_mapping_attribute
- User attribute mapping value
Added In: 19.2.1
SCIM++ Properties:
user_enrollment_disabled_factors
- Factors for which enrollment should be blocked for End User
Added In: 2012271618
SCIM++ Properties:
yubico_otp_enabled
- If true, indicates that the Yubico OTP is enabled for authentication
Added In: 2109090424
SCIM++ Properties:
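The exported attributes above can be used to audit a domain's MFA posture from Terraform. The following is an added example, not part of the provider documentation: it reads the data source and evaluates a sample baseline with `check` blocks (Terraform 1.5 or later). The variable `idcs_endpoint`, the label `audit`, the thresholds, and the addressing of nested settings as single-element lists are assumptions.

```hcl
terraform {
  required_providers {
    oci = { source = "oracle/oci" }
  }
}

# Hypothetical input: URL of the identity domain to audit.
variable "idcs_endpoint" {
  type = string
}

data "oci_identity_domains_authentication_factor_settings" "audit" {
  idcs_endpoint = var.idcs_endpoint
}

locals {
  # Assumption: one settings object per domain, nested settings exposed as one-element lists.
  mfa    = data.oci_identity_domains_authentication_factor_settings.audit.authentication_factor_settings[0]
  bypass = local.mfa.bypass_code_settings[0]
  totp   = local.mfa.totp_settings[0]
  app    = local.mfa.client_app_settings[0]
  limits = local.mfa.endpoint_restrictions[0]
}

check "weak_factors_disabled" {
  assert {
    # Sample policy: knowledge-based and SMS factors are not accepted.
    condition     = !local.mfa.security_questions_enabled && !local.mfa.sms_enabled
    error_message = "Security questions or SMS are enabled as authentication factors."
  }
}

check "help_desk_bypass_codes_bounded" {
  assert {
    # Sample thresholds: single use, at most a one-hour lifetime.
    condition = !local.bypass.help_desk_generation_enabled || (
      local.bypass.help_desk_max_usage <= 1 &&
      local.bypass.help_desk_code_expiry_in_mins <= 60
    )
    error_message = "Help desk bypass codes are reusable or live longer than 60 minutes."
  }
}

check "otp_and_lockout_strength" {
  assert {
    # Sample thresholds: 6-digit passcodes, lock after at most 10 failed MFA logins.
    condition     = local.totp.passcode_length >= 6 && local.limits.max_incorrect_attempts <= 10
    error_message = "OTP shorter than 6 digits, or more than 10 failed MFA attempts allowed."
  }
}

check "mobile_app_protected" {
  assert {
    # NONE means the client app applies no PIN or biometric protection.
    condition     = local.app.device_protection_policy != "NONE"
    error_message = "Mobile authenticator app has no PIN or biometric protection policy."
  }
}
```

A failed `check` is reported as a warning during `terraform plan` and `terraform apply` and does not block the run, so wire the output into CI if the baseline must be enforced.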