As an organization owner in an Identity and Access Governance enabled organization, you monitor access violations for user logins and logins with OAuth apps and API tokens in your organization. You define and modify the policies for triggering violations.

You set up violation policies for logins in your IGA enabled organization by activating various triggers for OAuth apps and API tokens, such as inactive API tokens, inactive OAuth owners, broad service scopes, insecure or unapproved URIs for OAuth apps.
Note: If Source Domain authentication policy is enabled, User Access violations are captured for all login attempts originating from domains that are not allowed by the policy setting.


  1. Log in to the Cloud Services Console with your corporate account.
  2. Navigate to Identity and Access Management > Governance > Violations.
  3. Click Settings.
  4. In the Violation Settings page that opens, modify the settings for OAuth Apps and API tokens as appropriate.
  5. Click Save.


The Violations dashboard is refreshed to display violations according to the new settings.

The information on the dashboards is updated daily.