Enable Identity Domain Diagnostics

Risk Level: Medium (should be achieved)

To ensure that Identity Domain Diagnostics actively capture operational logs within your Oracle Cloud Infrastructure (OCI) Identity Domains, choose the diagnostics type that best matches the depth of insight you need. When you only want a broad snapshot of system behavior, select "Activity View". When you prefer a blend of summary and moderately detailed information, choose "Data View". And when full, fine-grained visibility is required, opt for "Service View".

Security

Enabling OCI Identity Domain Diagnostics is strongly recommended because it provides detailed logs and metrics for authentication, authorization, and user activity. This can help you troubleshoot issues like login failures or access problems, monitor and audit user actions for compliance and security, and detect suspicious activity early (e.g., unusual login patterns).

Audit

To determine if Identity Domain Diagnostics is enabled for your OCI identity domains, perform the following operations:

Checking the Identity Domain Diagnostics feature configuration using OCI Command Line Interface (CLI) is not currently supported.

Using OCI Console

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Identity console available at https://cloud.oracle.com/identity/.

03 In the left navigation panel, choose Domains, and select an OCI compartment from the Compartment dropdown menu next to Applied filters, to list all the identity domains created for that compartment.

04 Click on the name (link) of the domain that you want to examine, listed in the Name column.

05 Select the Settings tab to access the Identity Domain Diagnostics settings.

06 In the Diagnostics section, check the Diagnostics type attribute value to determine whether the Identity Domain Diagnostics feature is enabled for your domain. If Diagnostics type is set to None, Identity Domain Diagnostics is not enabled to capture operational logs for the selected OCI identity domain.

07 Repeat steps no. 4 - 6 for each OCI identity domain that you want to examine, created for your OCI compartment.

08 Repeat steps no. 3 – 7 for each compartment available within in your OCI account.

Remediation / Resolution

To enable and configure Identity Domain Diagnostics for your OCI identity domains, perform the following operations:

Enabling and configuring the Identity Domain Diagnostics feature using OCI Command Line Interface (CLI) is not currently supported.

Using OCI Console

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Identity console available at https://cloud.oracle.com/identity/.

04 Click on the name (link) of the domain that you want to configure, listed in the Name column.

05 Select the Settings tab to access the Identity Domain Diagnostics settings.

06 In the Diagnostics section, choose Edit diagnostics settings, select the appropriate diagnostics type from the Diagnostics type dropdown list to capture operational logs. To capture high-level logging information only, select Activity View. To capture both mid-level and high-level logging information, select Data view (includes Activity view). To capture detailed logging information, select Service view (includes Activity view and Data view). Choose Update to apply the changes.

07 Repeat steps no. 4 - 6 for each OCI identity domain that you want to configure, created for your OCI compartment.

08 Repeat steps no. 3 – 7 for each compartment available within in your OCI account.

References

Oracle Cloud Infrastructure Documentation
Overview of IAM
Understanding Reports
Diagnostic Data Report
Types of Reports
Running Reports
Running the Diagnostic Data Report

Publication date Dec 8, 2025

Audit

Using OCI Console

Remediation / Resolution

Using OCI Console

References

Related OCI-IAM rules