Control: 1.13 Ensure all OCI IAM user accounts have a valid and current email address
Description
All OCI IAM local user accounts have an email address field associated with the account. It is recommended to specify an email address that is valid and current.
If you have an email address in your user profile, you can use the Forgot Password link on the sign on page to have a temporary password sent to you.
Having a valid and current email address associated with an OCI IAM local user account allows you to tie the account to an identity in your organization. It also allows that user to reset their password if it is forgotten or lost.
Remediation
OCI IAM without Identity Domains
From Console
- Login to OCI Console.
- Select Identity from Services menu.
- Select Users from Identity menu.
- Click on each non-compliant user.
- Click on Edit User.
- Enter a valid and current email address in the EMAIL text box.
- Click Save Changes.
From CLI
- Execute the following for each non-compliant user:
oci iam user update --user-id <user-ocid> --email '<email address>'
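Finding the non-compliant users comes before running this command. The following is an added example, not part of the original control text or the Powerpipe mod: it reads JSON saved from `oci iam user list --all` and prints the update command for each local user whose email is missing or malformed. The field names (`email`, `identity-provider-id`, `lifecycle-state`) and the loose syntax check are assumptions of the example, and the sample records and OCIDs are constructed.

```python
import json
import re
import sys

# Loose syntax check (an assumption of this example): one "@", no whitespace,
# a dot in the domain. It cannot prove that the mailbox is current.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def non_compliant_users(cli_json):
    """Return (ocid, name, reason) for each local user without a usable email."""
    findings = []
    for user in json.loads(cli_json).get("data", []):
        if user.get("identity-provider-id"):  # federated user, not a local account
            continue
        if user.get("lifecycle-state") == "DELETED":
            continue
        email = (user.get("email") or "").strip()
        if not email:
            reason = "missing email"
        elif not EMAIL_RE.match(email):
            reason = "malformed email"
        else:
            continue
        findings.append((user["id"], user.get("name", ""), reason))
    return findings


def _user(name, email, idp=None, state="ACTIVE"):
    """Build one constructed user record in the assumed CLI output shape."""
    return {"id": f"ocid1.user.oc1..constructed-{name}", "name": name, "email": email,
            "identity-provider-id": idp, "lifecycle-state": state}


# Constructed sample input; not real tenancy data.
SAMPLE = json.dumps({"data": [
    _user("alice", "alice@example.com"),
    _user("bob", None),
    _user("carol", "carol@localhost"),
    _user("dave", None, idp="ocid1.saml2idp.oc1..constructed"),
    _user("erin", "   "),
    _user("frank", None, state="DELETED"),
]})

if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for ocid, name, reason in non_compliant_users(raw):
        print(f"# {name}: {reason}")
        print(f"oci iam user update --user-id {ocid} --email '<email address>'")
```

Pass the path of a file holding the saved CLI output as the first argument; with no argument the script runs on the constructed sample.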
OCI IAM with Identity Domains
From Console
- Login to OCI Console.
- Select Identity & Security from the Services menu.
- Select Domains from the Identity menu.
- For each domain listed, click on the name and select Users.
- Click on each non-compliant user.
- Click on Edit User.
- Enter a valid and current email address in the Email and Recovery Email text boxes.
- Click Save Changes.
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v200_1_13
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run oci_compliance.control.cis_v200_1_13 --share
SQL
This control uses a named query:
identity_user_valid_email