
CloudSSO: Configure SCIM credential and SAML signing certificate expiration alerts

Last Updated: Jun 03, 2026

Set up Cloud Config and CloudMonitor to alert you before CloudSSO SCIM credentials or SAML signing certificates expire, ensuring timely rotation.

Scenarios

SCIM credential expiration

SCIM user synchronization between CloudSSO and an enterprise identity provider (IdP) requires a SCIM credential. For details, see Manage SCIM credentials.

SCIM credentials expire after one year, at which point synchronization stops. Create a new SCIM credential ahead of time so that you can rotate it. To ensure timely rotation, configure a SCIM credential expiration rule in Cloud Config and use CloudMonitor to send notifications before SCIM credentials expire.

SAML signing certificate expiration

Configuring SSO between CloudSSO and an enterprise IdP requires uploading the IdP metadata file, which contains the SAML signing certificate. CloudSSO reads the certificate validity period from this file. For details, see Configure SSO.

If the SAML signing certificate expires, SSO fails and users cannot log on to Alibaba Cloud through CloudSSO. Create a new SAML signing certificate in advance for rotation. To ensure timely rotation, configure a SAML signing certificate expiration rule in Cloud Config and use CloudMonitor to send notifications when SAML signing certificates expire.

Procedure

Perform these steps as a CloudSSO administrator:

Step 1: Create a rule in Cloud Config

  1. Log on to the Cloud Config console.

  2. To activate Cloud Config, click Activate Now.

    Note

    Skip this step if Cloud Config is already activated.

  3. Create a rule.

    1. In the left-side navigation pane, choose Compliance & Audit > Rules.

    2. On the Rules page, click Create Rule.

    3. On the Select Create Method page, select Based on managed rule, choose a rule template, and then click Next.

      For the rule template, select cloudsso-scim-credential-expired-check or cloudsso-directory-saml-expired-check.

    4. On the Set Basic Properties page, configure the basic properties for the rule, and then click Next.

      In the Parameter Settings section, specify how many days before expiration a resource is considered non-compliant. The default is 90 days. You can change this value as needed.

      Retain the default values for other parameters.

    5. On the Set Effective Scope page, review the default resource type, and then click Next.

    6. On the Set Correction page, click Submit.

      You can enable Settings Remediation and configure template remediation or custom remediation for the rule. For more information about remediation, see Overview of remediation settings.

Step 2: Configure a system event-triggered alert rule in the CloudMonitor console

  1. Log on to the CloudMonitor console.

  2. Create an alert contact.

    For details, see Create an alert contact.

  3. Create an alert contact group.

    For details, see Create an alert contact group.

  4. Create a subscription policy.

    Cloud Config delivers all non-compliant events to CloudMonitor, so you can create a system event subscription policy to receive email notifications for those events.

    1. In the navigation pane on the left, select Event Center > Event Subscription.

    2. On the Subscription Policy tab, click Create Subscription Policy.

    3. On the Create Subscription Policy page, configure the following parameters.

      • Basic Information: Enter a subscription policy name.

      • Alert Subscription: Set Subscription Type to System Events. In Subscription Scope, set Products to Cloud Config, Event Type to Notifications, Event Name to Non-compliant event, Event Level to Notification (Info), and optionally enter a keyword to filter in Event Content. Leave Application grouping and Event Resources empty.

        Note
        • For the system events that Cloud Config supports, see Cloud Config.

        • Event Content uses keyword matching. For example, entering Critical matches only rules in Cloud Config with a Risk Level of High. You can leave this field empty or enter any other keyword.

      • Combined Noise Reduction: Use the default value.

      • Notifications: When creating the notification configuration, select the alert contact group created in Step 2, and use the default value for Custom Notification Method.

        Note
        • For instructions on creating a notification configuration, see Create a notification configuration policy.

        • CloudMonitor automatically sends alert notifications based on the notification methods configured for alert contacts in the Alert Contact Group and the alert levels associated with each notification method in Custom Notification Method.

      • Push and Integration: No configuration required.

    4. Click Submit.
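The two steps above wire a Cloud Config rule (non-compliant when a resource is within N days of expiry, default 90) to a CloudMonitor subscription that filters non-compliant events by keyword. The following Python script is an added example, not Alibaba Cloud or CloudSSO code: it models that same evaluation and filtering logic over a constructed inventory so you can see exactly which resources trip the threshold, including the already-expired and exactly-at-threshold cases. The resource identifiers, the event field names and the assumption that the threshold is inclusive are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

DEFAULT_THRESHOLD_DAYS = 90  # default for the rule parameter described on this page


@dataclass(frozen=True)
class Resource:
    kind: str                 # "SCIMCredential" or "SAMLSigningCertificate"
    resource_id: str          # constructed identifier, not a real CloudSSO ID
    expires_at: datetime      # timezone-aware expiry time
    risk_level: str = "High"  # risk level of the rule that evaluates this resource


@dataclass(frozen=True)
class Evaluation:
    resource: Resource
    days_remaining: int
    compliant: bool
    reason: str


def days_until_expiry(expires_at: datetime, now: datetime) -> int:
    """Whole days left before expiry; negative once the resource has expired."""
    if expires_at.tzinfo is None or now.tzinfo is None:
        # Naive timestamps silently shift by the host's UTC offset; refuse them.
        raise ValueError("timestamps must be timezone-aware")
    return (expires_at - now).days  # timedelta.days floors, so 89.9 days -> 89


def evaluate(resources, now, threshold_days=DEFAULT_THRESHOLD_DAYS):
    """Classify each resource the way the expiration rule does."""
    results = []
    for r in resources:
        remaining = days_until_expiry(r.expires_at, now)
        if r.expires_at <= now:
            results.append(Evaluation(r, remaining, False, "already expired"))
        elif remaining <= threshold_days:  # assumption: threshold is inclusive
            results.append(Evaluation(
                r, remaining, False,
                f"expires in {remaining} days (threshold {threshold_days})"))
        else:
            results.append(Evaluation(r, remaining, True, "within validity"))
    return results


def to_system_event(ev: Evaluation) -> dict:
    """Shape a non-compliant evaluation like the system event the subscription
    policy matches. Field names and content format are assumptions; the page
    only states that the keyword Critical matches rules with Risk Level High."""
    label = "Critical" if ev.resource.risk_level == "High" else ev.resource.risk_level
    return {
        "product": "Config",
        "eventType": "Notification",
        "name": "Non-compliant event",
        "level": "INFO",
        "content": f"{ev.resource.kind} {ev.resource.resource_id}: "
                   f"{ev.reason}; RiskLevel={label}",
    }


def filter_events(events, keyword=""):
    """Keyword matching as Event Content does: an empty keyword matches everything."""
    return [e for e in events if keyword in e["content"]]


def run_check(resources, now, threshold_days=DEFAULT_THRESHOLD_DAYS, keyword=""):
    """Evaluate, keep only non-compliant resources, and apply the subscription filter."""
    non_compliant = [e for e in evaluate(resources, now, threshold_days) if not e.compliant]
    return filter_events([to_system_event(e) for e in non_compliant], keyword)


# Constructed sample inventory, as if listed from a CloudSSO directory.
NOW = datetime(2026, 6, 3, tzinfo=timezone.utc)
SAMPLE = [
    Resource("SCIMCredential", "scim-cred-a", NOW + timedelta(days=60)),
    Resource("SCIMCredential", "scim-cred-b", NOW - timedelta(days=5)),
    Resource("SAMLSigningCertificate", "idp-signing-cert",
             NOW + timedelta(days=200), risk_level="Medium"),
]

if __name__ == "__main__":
    for event in run_check(SAMPLE, NOW):
        print(event["content"])
```

Lowering `threshold_days` narrows the alert window the same way the rule parameter does, and passing `keyword="Critical"` reproduces the Event Content filter: with the default 90-day threshold both SCIM credentials produce events, while the SAML certificate with 200 days left stays compliant.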
