IDCS: Access to Allowed IPs Denied. "There Was No Matching Sign-on Policy Rule Found". Determine IP Addresses That cause the Policy to Fail
(Doc ID 2652986.1)
Last updated on NOVEMBER 18, 2023
Applies to:
Identity Cloud Service (IDCS) - Version N/A and later
Information in this document applies to any platform.
Goal
On : NA version, Custom Application Integration
Access to allowed IPs denied, there was no matching sign-on policy rule found.
Attempting to allow a set of network perimeters from the customer's on-premise network to a cloud application. While the IDCS sign-on policy is active, all users are denied access with the message "policy denies access".
Customer has restricted access to cloud applications through VPN tunnel to OCI. All known network segments have been added to network perimeters and then assigned to a sign-on policy. The policy protects only a particular pair of cloud-based applications.
IDCS login failure report: "The sign-on policy prevents the user admsvcacct from accessing applications protected by Oracle Identity Cloud Service because: There was no matching sign-on policy rule found." The only rule inside the sign-on policy is the Intranet access rule containing the two network perimeters. We suspect that the user is somehow recognized as an Internet user but we cannot determine which IP address is seen by IDCS.
How do we determine the IP address that IDCS sees, or is there some other reason why the sign-on policy is failing?
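The following is an added illustration, not code from the document or from Oracle: a small model of how a sign-on policy whose only rule is an "Intranet" rule bound to network perimeters decides access, so that a candidate client address can be checked against the perimeters before assuming the rule will match. The perimeter names and CIDR ranges are constructed placeholders, and the first-match evaluation is an assumption for the example rather than a description of the IDCS engine. Its purpose is to show why an address that reaches the service through a VPN or NAT egress point can fall outside every listed perimeter and therefore produce a "no matching sign-on policy rule" deny.

```python
import ipaddress

# Constructed example perimeters (placeholder CIDRs, not values from the document).
NETWORK_PERIMETERS = {
    "OnPrem-Site-A": ["10.10.0.0/16", "192.0.2.0/24"],
    "OnPrem-Site-B": ["10.20.0.0/16"],
}

# Constructed policy: a single rule that allows access only from the two perimeters,
# mirroring the configuration described above.
SIGN_ON_POLICY = [
    {
        "name": "Intranet access",
        "perimeters": ["OnPrem-Site-A", "OnPrem-Site-B"],
        "effect": "allow",
    },
]


def matching_perimeters(client_ip, perimeters=NETWORK_PERIMETERS):
    """Return the names of every perimeter whose CIDR ranges contain client_ip."""
    addr = ipaddress.ip_address(client_ip)
    hits = []
    for name, cidrs in perimeters.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            # Skip ranges of the other IP version; IPv6 clients never match IPv4 perimeters.
            if addr.version == net.version and addr in net:
                hits.append(name)
                break
    return hits


def evaluate(client_ip, policy=SIGN_ON_POLICY, perimeters=NETWORK_PERIMETERS):
    """First-match evaluation (an assumption of this example): a rule fires when the
    client address lies inside any perimeter the rule references. When no rule fires
    the result is a deny, which is the symptom reported in the login failure."""
    hits = set(matching_perimeters(client_ip, perimeters))
    for rule in policy:
        if hits & set(rule["perimeters"]):
            return rule["effect"], rule["name"]
    return "deny", "no matching sign-on policy rule found"


def diagnose(candidate_ips, policy=SIGN_ON_POLICY, perimeters=NETWORK_PERIMETERS):
    """Evaluate each address the service might observe for one client, for example the
    workstation's own address versus the VPN or NAT egress address, and map it to its decision."""
    return {ip: evaluate(ip, policy, perimeters) for ip in candidate_ips}


if __name__ == "__main__":
    # Constructed candidates: an address inside a perimeter and a public egress address
    # that no perimeter lists.
    for ip, (effect, reason) in diagnose(["10.10.5.23", "203.0.113.45"]).items():
        print(f"{ip}: {effect} ({reason})")
```

Running the script shows the in-perimeter address matching the "Intranet access" rule and the egress address receiving the deny; comparing the observed source address against the perimeter list this way narrows the question to whether the perimeters cover the address the service actually sees, which is what the question above asks.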
Solution