I just sign-up an account of Oracle Cloud
After I logged in, It seem the system automatically created a tenancy for me and added me to an Identity Providers named oracleidentitycloudservice.
They also create one more user starts with oracleidentitycloudservice/username.
This is identity user page, both 2 of them is me. One of them is federated with oracleidentitycloudservice which is created automatically.
I can enable MFA for the second account.
But I can not enable MFA account for oracleidentitycloudservice/username:
When I want to login to Identity Console page, I need to use this SSO method:
It seem risky if Identity Console page doesn't provide MFA feature. That's what I worry about.
Question is:
Is it safe if I delete oracleidentitycloudservice/username?
How can I enable MFA for oracleidentitycloudservice/username from Oracle Infastructure page?
If Oracle is providing a complicated way to enable MFA for oracleidentitycloudservice/username, could it be a security issue?
For those who are in the same situation, here is step to Enable MFA for Oracle Identity cloud service user:
Sign in by this SSO method at this screen:
Go to Service User Console on top-right screen
Go to Admin Console of Identity
Go to My profile on top-right screen
Go to Security tab, our goal is to give the account permissions so that MFA item shows on this screen. At this moment MFA is not yet enabled, move to next step
Go to Admin console at top-right screen
Go to Security -> MFA at left side panel, check the box Mobile App Passcode
Go to Security -> Sign-On Policies, edit the Default Policy
Edit Default Sign-on Rule
Select the option that you prefer. It's upto you.
Go to Security tab and here you can enable MFA for your IDCS account
Sign-out and Sign-in again. Now you can use MFA to login.
Here's how you enable MFA (TOTP Authenticator) for Free Tier accounts:
Navigate to https://www.oracle.com/in/cloud/sign-in.html
Enter your Cloud Account Name and click Next
Select oracleidentitycloudservice as your Identity Provider and click Continue
Enter your username and password
Click on hamburger menu and select Identity & Security > Federation
Click on OracleIdentityCloudService
Click on the link next to Oracle Identity Cloud Service Console
You should be logged into the Oracle Identity Cloud Service console. Click on the hamburger menu and select Security > MFA
I don't see a way to enable Duo Security or FIDO Authenticator at this screen. Probably because the license type is Foundation but if you found a way to enable either of those, please edit this answer. If not, enable Mobile App Passcode and Mobile App Notification and click Save
Click on the top right corner of the screen with your initials and select My Profile
Click on the Security tab and you should see a 2-Step Verification section with an Enable button.
Click on Enable and select Mobile App
Check Offline Mode or Use Another Autenticator App
Scan the QR code with your favorite TOTP app (I used Authy) and enter a code and click Verify
You'll now have a 2SV factor enabled
Go back to the console by clicking on your initials at the top right corner and selecting Admin Console
Click on the hamburger menu and navigate to Security > Sign-On Policies
Edit the Default Sign-On Policy by clicking on and selecting Edit
Click on the Sign-On Rules tab and edit the Default Sign-On Rule by clicking on and selecting Edit
Scroll down to Actions section and enable Prompt for an additional factor and leave the rest at defaults and click Save
Log out and log back in again (alternatively open the Oracle Identity Cloud Service Console URL from step 7 in a private/incognito tab) and verify that you're prompted for the TOTP code after entering your username and password.
This is already old information, OCI is constantly changing it's dashboard. If you can't find the correct screens anymore, see this Oracle Documentation page, with which I set the policy after I enabled 2FA on my profile via Security:
https://docs.oracle.com/en-us/iaas/Content/Identity/mfa/understand-multi-factor-authentication.htm?Highlight=mfa
After that 2FA is asked after you login with your credentials.
I have the same issue.
I was following an official training from Oracle and found that the option did not appear because I was using the federated user.
You may manage all the users from the the lines button at the top-left corner and from there 'Identity & Security'.
First menu Identity & Security
Once you click on that option, you will see:
Choose Users
And this is the main user's options with the MFA and password reset if required:
User's options including MFA
Dani.
Related
I am trying to enable Gmail API following steps in Java Quickstart. When I click on "Enable the Gmail API" button in the Google developer console, no option like "Download Client Configuration" is displayed.
So, I am unable to get credentials.json File.
Gmail API credentials are restricted to enhance apps security. To enable the credentials click on API Console after clicking on Enable the Gmail API. You will travel to a filled form on the Credentials menu on Google APIs. You can change there the name and/or restrictions to better suit your project. Finally, you can click on Generate key to finish the process.
If you have followed the steps so far, you would have created the Gmail API credentials. To achieve your request you will need to click on Download JSON button on the right side of your newly created credentials. Do not hesitate to ask for more information if I haven't explained the process with enough detail.
Just enabling the Gmail api isnt going to create client credential for you. Unfortunately the developer console changes more often then the quick starts get updated so it can be difficult to understand.
Go to the https://console.developers.google.com
Find the credentials tab on the left and click the Create credentials button
You are probably going to be looking for an oauth client id, as service accounts only work with gmail if you are connecting to a gsuite account.
I'm making an application to read and respond to the reviews of google play account for my applications. When I enter my google play account, settings > api access, the following message appears to me: "Only the account owner can configure API access. Please contact him to update the API settings."
Is it possible that the owner of the account that has published the application gives me permissions to generate the token only to read the reviews? Or only the owner can generate a global token to read the reviews?.
Regards!
As you've said, API can only be configured by the owner of Google Play Developer account. As an account owner, you can add users to your Play Console account and manage permissions across all apps or for specific apps. From this page:
Sign in to your Play Console.
Click Settings Settings > User accounts & rights.
To add a new user, select Invite new user and follow the on-screen instructions.
To update permissions for an existing user, hover over their email address and select the pencil icon Pencil icon.
Use the "Role" drop-down to choose a pre-defined role or use the checkboxes for individual permissions.
Choose whether each permission applies to all apps in your developer account ("Global") or specific apps.
To add an app to the permissions table, use the "Add an app" drop-down Drop-down arrow.
To see details for each permission, review the permission definitions
table.
Click Send Invitation.
You can only generate a token once you're added as an owner.
Additional reference:
How to give access to Google Play Developer Console Game services page to other accounts?
At some point I must have logged in with my personal account using my outlook.com credentials. Now, I can sign out, but when I click 'sign in' it automatically logs me in with my personal account and I don't have an option of logging in with my work credentials.
I'd prefer not to delete all cookies/cache. I am using IE 11
I have gone to https://login.microsoftonline.com/ and went to my account and clicked 'forget', but it still auto logs me into my outlook.com account when signing in.
You can open a page by InPrivate Browsing for IE.
And then input your another VSTS account username.visualstudio.com, it will hint you to input you email and password.
I have created a developer account on Google in order to publish an android app on Google Play. After some time I needed GCM, but I cant be able to get a API key. I am able to enter developer console, but when I try to create a new project I get an error as following:
ERROR
Developers Console has not been activated for your account. Your account may be suspended or disabled. If you are a Google Apps user, ask your domain administrator to enable Apphosting Admin on your account.
I have been sent no email about if my account was banned or not. I have posted an email to google support but they did not respond yet(not sure if they care). What should I do? How to find why I am banned from creating a project on Developer Console.
When I try to access some pages I have been redirected to this error page. This is where I have sent email.
From [here][1]:
Go into your domain administration # https://admin.google.com/AdminHome
Click the "More controls" link at the bottom the page
Within the panel that reveals, click "More Google Apps"
Select checkbox for "Google Developers Console" (hexagon nut logo)
In the top-left you will see an icon to "Turn ON services"
Confirm your choice
Apparently Google has changed the flow since this was answered.
I had to:
1) Go to this page via App Settings > Additional Google Services
https://admin.google.com/AdminHome#AppsList:serviceType=ADDITIONAL
2) Look for the "Develop applications using Google APIs and the Google Cloud Platform" setting
3) Click the vertical ... in the right hand corner of the row and select "ON for everyone"
Make sure you are logged in with the Admin account for your domain. If you are redirected to "https://apps.google.com/user/hub" then you are not an admin.
Enable Google Developer Console for G Suite (Google Apps)
admin.google.com
Select: Apps (Manage apps and their settings)
Select: Additional Google services (Blogging, photos, ...)
(bottom right corner you'll find Page 1 of 6, switch pages to locate Google Developers Console)
Check: Google Developers Console and select ON in top right corner
Confirm with TURN ON
You should ask your domain administrator to enable Apphosting Admin on your account.
How do I change who is logged in (allow for another user to login) to an application that is using Windows Authentication without having the PC user log off?
You would be better served to use forms-based auth against AD with impersonation. Pass-through authentication is uneven and introduces a number of issues you don't even want to begin to deal with.
To clarify: Do you want to be logged in to Windows with one account and then be able to view a web site that uses Windows Authentication with a different user?
Maybe you can run the browser under a different account with runas.
Right-click on your browser icon, choose "Run as...", and provide the other user's credentials.
You could prevent IE (I assume) from automatically passing NTLM credentials. But then you'll get a login dialog.
You can change the "automatically login behavior" by doing the following in IE:
Tools -> Internet Options ->
Security tab -> Intranet zone (I
assume)
Then click "Custom level..." and
scroll to the bottom to User
Authentication -> Logon.
Select the "Prompt for user name and
password" option.
FF has similar options by going into "about:config" and change the "network.automatic-ntlm-auth.trusted-uris" setting.