Deleting Conditions from a Rule

10-44 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager

4. In the Search Results table, click KBA Challenge. The Policy Details page for KBA Challenge is displayed.

5. In the Policy Details page, click the Rules tab.

6. In the Rules tab, click Add to add a new rule.

The New Rule page is displayed.

7. Enter User Velocity as the rule name.

8. Enter a description for the rule.

9. Select the rule status. When the New Rule page first appears, the default value for the rule status is Active.

10. Add the User: Velocity from last successful login rule condition to create the new rule.

a. To add the User: Velocity from last successful login condition, click the Conditions tab.

b. In the Conditions tab, click Add. The Add Condition page appears.

c. Search for the User: Velocity from last successful login condition by entering velocity in the Condition Name field and then clicking Search.

d. In the Results table, select that condition and click OK.

e. In the New RuleUser Velocity page, select User: Velocity from last successful login in the top panel. The bottom panel displays the parameters of the condition.

f. In the bottom panel, modify the parameters.

a. Enter 500 for Miles per Hour is more than.

b. Select true for Ignore if last login device is same.

g. Click Save to save your changes. A confirmation dialog appears with a message that the modified rule parameters were saved successfully.

h. Click OK to dismiss the confirmation dialog.

11. Add a KBA challenge as a result of the User Velocity rule.

a. Click the Results tab.

The Results tab enables you to specify the results for the rule if the conditions are met.

b. To set up a KBA challenge to occur if the rule is triggered, select ChallengeQuestionPad in the Actions Group list.

12. Click Apply. A confirmation dialog appears with a message that the modified rule details were saved successfully. If the required fields are not filled in and the user clicks Apply, an error is displayed. If the rule was successfully created, the new rule should be listed in the Rules tab of the Policy Details page.

Managing Policies, Rules, and Conditions 10-45

13. Click OK to dismiss the confirmation dialog.
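The following added example (not Oracle's code, and not part of the guide) sketches the kind of check the User: Velocity from last successful login condition describes, using the two parameters set in step 10: the 500 miles-per-hour threshold and the ignore-if-same-device flag. The `Login` class, the function names, the haversine distance, and the handling of a zero time gap are assumptions made for illustration; IP-to-location lookup is assumed to have already happened.

```python
import math
from dataclasses import dataclass
from datetime import datetime

EARTH_RADIUS_MILES = 3958.8

@dataclass
class Login:  # hypothetical record of one login event
    when: datetime
    lat: float
    lon: float
    device_id: str

def miles_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlam = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

def velocity_rule_triggers(last_ok: Login, current: Login,
                           mph_more_than: float = 500.0,
                           ignore_same_device: bool = True) -> bool:
    """True when the implied travel speed exceeds the threshold."""
    # "Ignore if last login device is same" = true: a known device
    # suppresses the check even if the location moved.
    if ignore_same_device and last_ok.device_id == current.device_id:
        return False
    hours = (current.when - last_ok.when).total_seconds() / 3600
    distance = miles_between(last_ok, current)
    if hours <= 0:
        # Assumption: with no elapsed time (or clock skew), any
        # distance at all counts as impossible travel.
        return distance > 0
    return distance / hours > mph_more_than

# Constructed sample data: New York, then London.
NY = Login(datetime(2024, 1, 1, 8, 0), 40.71, -74.01, "dev-A")
LONDON_2H = Login(datetime(2024, 1, 1, 10, 0), 51.51, -0.13, "dev-B")
LONDON_8H = Login(datetime(2024, 1, 1, 16, 0), 51.51, -0.13, "dev-B")
LONDON_2H_SAME_DEV = Login(datetime(2024, 1, 1, 10, 0), 51.51, -0.13, "dev-A")

if __name__ == "__main__":
    for nxt in (LONDON_2H, LONDON_8H, LONDON_2H_SAME_DEV):
        print(nxt.when, nxt.device_id, velocity_rule_triggers(NY, nxt))
```

With the sample data, roughly 3,460 miles in two hours triggers the rule, the same trip in eight hours does not, and the two-hour trip from the same device is ignored.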

10.34.5 Use Case: Link Group to Rule Condition

In this use case, you must link an existing high risk countries group, used for various purposes, to a rule in the System - Pre Blocking policy that you imported in Section 10.34.2, Use Case: Import Policy.

Directions: Find a high risk countries group and link it to the rule in the KBA Challenge policy you created.

To link a group to a rule condition:

1. Log in to OAAM Admin as an administrator.

2. In the Navigation tree, double-click Rules. The Rules Search page is displayed.

3. Search for the Blacklisted countries rule.

4. In the Search Results table, click Blacklisted countries. The Rule Details page for the Blacklisted countries rule is displayed.

5. Select the in group rule condition in the Blacklisted countries rule.

a. In the Rule Details page, click the Conditions tab.

b. In the Conditions tab, click Add. The Add Conditions page appears.

c. Search for the condition, Location: In Country group. The condition checks to see if the IP is in the given country group.

d. In the Search Results table, select the Location: In Country group condition and click OK.

6. Link the existing high risk countries group to the rule condition.

a. In the Conditions edit page, select the Location: In Country group condition in the top panel. The bottom panel displays the parameters of the condition.

b. In the bottom panel, modify the parameters by setting:

Is in list: true

Country in country group: Restricted countries

7. Click Save to save your changes. A confirmation dialog appears with a message that the modified rule parameters were saved successfully.

8. Click OK to dismiss the confirmation dialog.

9. Click Apply. A confirmation dialog appears with a message that the modified rule details were saved successfully.

10.34.6 Use Case: Copy Rule

The security team has determined that devices found to be exceptionally high risk should be blocked. Right now there is a rule to accomplish this but it was configured in a post-authentication checkpoint. The team feels login attempts should not even be allowed from these devices. Therefore you must move the rule to a pre-authentication checkpoint policy.

Directions: Find the Black-Listed Devices rule in the System - Post Blocking policy and copy it to the pre-authentication policy, System - Pre Blocking policy. Then delete the rule from the post-authentication policy.