Creating an Identity Provider Policy

Create an identity provider policy for an identity domain.

You can define the following criteria in an IdP policy:
  • The username of the user
  • The IP address that the user is using to sign in to the identity domain
  • The IdPs that will be available to the user to access the identity domain

  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want. Under Security, click IdP policies.
  3. On the Identity provider (IdP) policies page, click Create IdP policy.
  4. On the Add policy page, enter a name and then click Add policy.

    The policy is added.

  5. On the Add identity provider rules page, click Add IdP rule to define rules for this policy.
  6. Enter a Rule name for the identity provider rule.
  7. Use the Assign identity providers menu to select the IdPs to assign to this rule.
  8. Configure the following Conditions:
    • Expression placement: The following options are associated with this field:
      • If you select Starts with expression, then the rule evaluates the start of the username in the user account.
      • If you select Ends with expression, then the rule evaluates the end of the username in the user account.
    • Enter user name expression: Specify information about users' usernames to evaluate whether they meet the criteria of the rule. For example, if you want the rule to be applicable only to those users who have usernames that end with @example.com, then select Ends with expression from the preceding menu, and then enter @example.com in this text box.
    • Exclude users: Optionally, enter or select the users to exclude from the rule.
    • Group membership: Optionally, enter or select the groups to exclude from the rule.
    • Filter by client IP address: The following options are associated with this field:
      • If you select Anywhere, then the IdPs that you specify in this rule will be available to users that sign in from any IP address.
      • If you select Restrict to the following network perimeters, then you enter or select network perimeters that you have defined. For more information, see Creating a Network Perimeter. The IdPs that you specify in this rule will be available to users that sign in using only IP addresses that are contained in the defined network perimeters.
  9. Click Add IdP rule.
  10. To add another identity provider rule to this policy, repeat the preceding steps.

    Note: If you have added multiple identity provider rules to this policy, you can change the order in which they are evaluated. Click Edit priority and then change the priority order.

  11. When you are finished adding rules, click Next.
  12. Add apps to the policy. For more information, see Adding Apps to the Policy.
  13. When you are done, click Close.
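
The rule conditions from step 8 and the priority order from the note, modeled as an added example (not Oracle's code and not part of the original page) so that a planned rule set can be checked before it is saved. It assumes that the first matching rule in priority order decides the result and that usernames compare case-insensitively; the rule names, IdP names, and addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class IdpRule:
    name: str
    idps: list                  # IdPs assigned to the rule
    placement: str              # "starts_with" or "ends_with"
    expression: str             # user name expression
    excluded_users: set = field(default_factory=set)
    perimeters: list = field(default_factory=list)  # CIDRs; empty means "Anywhere"

    def matches(self, username, client_ip):
        user = username.lower()             # assumption: case-insensitive comparison
        if user in {u.lower() for u in self.excluded_users}:
            return False                    # "Exclude users" wins over the expression
        expr = self.expression.lower()
        hit = user.startswith(expr) if self.placement == "starts_with" else user.endswith(expr)
        if not hit:
            return False
        if not self.perimeters:             # "Anywhere"
            return True
        addr = ip_address(client_ip)
        return any(addr in ip_network(cidr) for cidr in self.perimeters)

def available_idps(rules, username, client_ip):
    """Return (rule name, IdPs) for the first matching rule, else (None, [])."""
    for rule in rules:                      # list order = priority order (assumed first match wins)
        if rule.matches(username, client_ip):
            return rule.name, rule.idps
    return None, []

# Constructed sample policy, highest priority first.
POLICY = [
    IdpRule("corp-federated", ["Corp SAML IdP"], "ends_with", "@example.com",
            excluded_users={"breakglass@example.com"}, perimeters=["203.0.113.0/24"]),
    IdpRule("corp-remote", ["Corp SAML IdP", "Local"], "ends_with", "@example.com"),
    IdpRule("service-accounts", ["Local"], "starts_with", "svc-"),
]

if __name__ == "__main__":
    for user, ip in [("alice@example.com", "203.0.113.10"),
                     ("alice@example.com", "198.51.100.7"),
                     ("breakglass@example.com", "203.0.113.10"),
                     ("svc-backup", "192.0.2.5"),
                     ("bob@other.test", "203.0.113.10")]:
        print(user, ip, "->", available_idps(POLICY, user, ip))
```

In this model the excluded account is skipped by the first rule but still matches the broader second rule, which is the kind of fall-through worth checking when you set rule priority.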