Skip to main content

As a publicly traded and A&D company we have strict SOX controls. We need some community assistance with the control “users who have not accessed the application within a 90 day period are locked to restrict access to the application.” I would think that this being a very common control another client of IFS must have faces this. Any information is appreciated. 

Precloud I would have said to amend the oracle profile linked to the users. Could amend the INACTIVE_ACCOUNT_TIME to 90 days. 
 

With Cloud now new users aren’t actually oracle users now, they are IAM users. This meaning they don’t have a profile allocated. Currently the account and password restrictions within the application arent as good than they were in EE, they are getting better. I believe IFS are looking for people to use an external IAM like azure to handle the users authentication. Might be worth looking at this. 
 

There might be an option to look at a custom event though. A scheduled event that executes each day and validates when an IAM user last logged in. If the difference between run date and last date = x then lock the account. 
 

I must say, I’m not an expert regarding this 🙂


I think looking at the above suggetion seems to be a good approach if looking for an IFS native solution.

If your using Entra ID as your IDP for IFS you could also manage this through Azure’s Log Analytics Workspace. The benefit here is you can use the same design for all SSO apps managed by that IDP if they fall under the same compliance scope.

Hope that provides some ideas.


Thank you both for your responses. I see i left out that we are in fact using IFS cloud which is the issue. I will get with the developers to investigate a custom event. 


Reply