Description
IAM Policies govern access to all resources within an OCI tenancy. Policies grant privileges to OCI Groups, and Identity Provider Groups can be mapped to OCI Groups so that federated users inherit those privileges. A change to an Identity Provider Group mapping therefore changes who holds those privileges, so monitoring and alerting on such changes with the OCI Events Service helps identify changes to the security posture. The OCI Events Service lets you create automation based on state changes of resources throughout your tenancy. With Event Rules, you can respond to changes in real time by triggering code with Functions, writing to Streaming, or sending alerts using Notifications. It was detected that there is no Notification configured for Identity Provider Group mapping changes in the root compartment (tenancy) {OciIdentityCompartment.Name}. Event Rules are compartment scoped: a rule detects events in the compartment where it is created and in its child compartments, so a rule created in a child compartment will not see tenancy-level identity events. It is therefore advised to create the Event Rule at the root compartment level.
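As an added example, not part of the original finding or of any scanner's own code, the following Python implements the check this finding describes: given the Event Rules of a tenancy, decide whether an enabled rule in the root compartment matches all three Identity Provider Group mapping event types and delivers to an enabled Notifications (ONS) action. It assumes the event type names `com.oraclecloud.identitycontrolplane.createidpgroupmapping` / `updateidpgroupmapping` / `deleteidpgroupmapping` from the OCI Events identity event reference, and the kebab-case JSON shape returned by `oci events rule get` (the summaries from `oci events rule list` omit the `actions` block, so each rule must be fetched individually). The sample rules and OCIDs are constructed for the example.

```python
"""Audit: is there a root-compartment Event Rule that notifies on IdP group mapping changes?

Added example, not part of the original finding. Input is a list of full Rule
objects as returned by `oci events rule get --rule-id ...` (kebab-case keys).
"""
import json

# Event types emitted by the Identity control plane for IdP group mapping changes
# (assumed from the OCI Events identity event reference; verify for your realm).
IDP_GROUP_MAPPING_EVENTS = frozenset({
    "com.oraclecloud.identitycontrolplane.createidpgroupmapping",
    "com.oraclecloud.identitycontrolplane.updateidpgroupmapping",
    "com.oraclecloud.identitycontrolplane.deleteidpgroupmapping",
})


def rule_event_types(rule):
    """Return the set of eventType values a rule's condition matches.

    `condition` is stored as a JSON string; eventType may be a string or a list.
    Malformed conditions or missing eventType match nothing (conservative).
    """
    try:
        cond = json.loads(rule.get("condition") or "{}")
    except json.JSONDecodeError:
        return set()
    if not isinstance(cond, dict):
        return set()
    et = cond.get("eventType")
    if isinstance(et, str):
        return {et}
    if isinstance(et, list):
        return {e for e in et if isinstance(e, str)}
    return set()


def has_enabled_notification(rule):
    """True if the rule has at least one enabled, ACTIVE Notifications (ONS) action."""
    actions = (rule.get("actions") or {}).get("actions") or []
    return any(
        a.get("action-type") == "ONS"
        and a.get("is-enabled") is True
        and a.get("lifecycle-state") == "ACTIVE"
        for a in actions
    )


def rule_is_effective(rule, tenancy_ocid):
    """A rule counts only if it is enabled, ACTIVE and created in the root compartment.

    Rules are compartment scoped; a rule in a child compartment does not see
    tenancy-level identity events, so it is ignored here.
    """
    return (
        rule.get("compartment-id") == tenancy_ocid
        and rule.get("is-enabled") is True
        and rule.get("lifecycle-state") == "ACTIVE"
    )


def audit_idp_mapping_notifications(rules, tenancy_ocid):
    """Return (compliant, missing_event_types, qualifying_rule_ids).

    Coverage is the union over all qualifying rules, so three single-event
    rules satisfy the control as well as one rule listing all three events.
    """
    covered = set()
    qualifying = []
    for rule in rules:
        if not (rule_is_effective(rule, tenancy_ocid) and has_enabled_notification(rule)):
            continue
        hit = rule_event_types(rule) & IDP_GROUP_MAPPING_EVENTS
        if hit:
            covered |= hit
            qualifying.append(rule["id"])
    missing = sorted(IDP_GROUP_MAPPING_EVENTS - covered)
    return (not missing, missing, qualifying)


# Constructed sample (fake OCIDs): rule 1 covers every event but sits in a child
# compartment; rule 2 is at the root but omits the update event.
TENANCY = "ocid1.tenancy.oc1..aaaaexample"
ONS_ACTION = {"action-type": "ONS", "is-enabled": True, "lifecycle-state": "ACTIVE",
              "topic-id": "ocid1.onstopic.oc1.iad.aaaatopic"}
SAMPLE_RULES = [
    {
        "id": "ocid1.eventrule.oc1.iad.child",
        "display-name": "idp-mapping-changes-child",
        "compartment-id": "ocid1.compartment.oc1..aaaachild",
        "is-enabled": True,
        "lifecycle-state": "ACTIVE",
        "condition": json.dumps({"eventType": sorted(IDP_GROUP_MAPPING_EVENTS), "data": {}}),
        "actions": {"actions": [ONS_ACTION]},
    },
    {
        "id": "ocid1.eventrule.oc1.iad.root",
        "display-name": "idp-mapping-changes-root",
        "compartment-id": TENANCY,
        "is-enabled": True,
        "lifecycle-state": "ACTIVE",
        "condition": json.dumps({"eventType": [
            "com.oraclecloud.identitycontrolplane.createidpgroupmapping",
            "com.oraclecloud.identitycontrolplane.deleteidpgroupmapping"], "data": {}}),
        "actions": {"actions": [ONS_ACTION]},
    },
]

if __name__ == "__main__":
    ok, missing, ids = audit_idp_mapping_notifications(SAMPLE_RULES, TENANCY)
    print("compliant" if ok else f"non-compliant; no root-level notification for: {missing}")
```

On the sample input the check reports the tenancy as non-compliant because the only root-level rule does not cover the update event; the child-compartment rule is deliberately not credited. Adding the update event type to the root rule's condition (or a second root rule that covers it) makes the audit pass.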