36.3 Using the Oracle Mobile Authenticator App on Android

The following sections contain procedures for using OMA on an Android mobile device.

36.3.1 Configuring the Oracle Mobile Authenticator for Android

This procedure configures the OMA on Android to communicate with Access Manager. A configuration URL is provided by the Access Manager administrator either by e-mail or through a web page. Details about the URL are in Understanding Oracle Mobile Authenticator Configuration.

  1. Tap the configuration URL provided by the Access Manager administrator.

    The app will open, display a unique service name to identify this app configuration, and prompt the user to accept the new settings.

  2. Tap Accept to apply the settings.

    The OMA is configured to communicate with Access Manager.

36.3.2 Initializing the Oracle Mobile Authenticator on Android

The OMA must authenticate and register an account with Access Manager. Be sure to complete Configuring the Oracle Mobile Authenticator for Android before attempting these procedures. Any of the following procedures can be used to initialize the OMA.

36.3.2.1 Initializing the Oracle Mobile Authenticator for OTP Generation on Android

Once authenticated, the app receives a key from the server that will be used to generate the OTP.

  1. Tap the Sign In button.

    The login screen will appear.

  2. Select the service name for which you are configuring second factor authentication.

    This is the unique service name defined in Configuring the Oracle Mobile Authenticator for Android.

  3. Enter your user name and password and tap Submit.

    If login is successful, you will be taken to the OTP screen for the newly added account. If login is successful but an account with the same user name for the same service already exists, you will be asked to enter a different user name. Once the user name is unique, you will be taken to the OTP screen.

36.3.2.2 Adding a OTP Generation Account Manually on Android

You can manually configure a OTP account by entering a unique account name and key. This is the same account that would be created automatically in Initializing the Oracle Mobile Authenticator for OTP Generation on Android.

  1. Tap Enter Provided Key.
  2. Enter a unique account name and key.

    If the name and key are valid, you will be taken to OTP screen for your new account. If the name is not unique or the key is not valid, you will be prompted to enter the information again.

36.3.2.3 Initializing Oracle Mobile Authenticator for Access Request (Push) Notifications Using Google Cloud Messaging

The OMA must register successfully with the Google Cloud Messaging (Push Notification) servers and get a unique registration token. This registration token is sent to Access Manager to complete the push notification setup. Once complete, the OMA can register with Access Manager to receive push notifications.

  1. Tap the Sign In button.

    The login screen will appear.

  2. Select the service name for which you are configuring second factor authentication.

    This is the unique service name defined in Configuring the Oracle Mobile Authenticator for Android.

  3. Enter your user name and password and tap Submit.

    If authentication and registration is successful, you will be taken to the Accounts page which will display all the accounts that have been configured for Push Notifications.

36.3.2.4 Initializing Oracle Mobile Authenticator for Access Request (Push) Notifications and OTP Generation on Android

The OMA must register successfully with the Google Cloud Messaging (Push Notification) Servers and get a unique registration token. This registration token is sent to Access Manager to complete the push notification setup. Afterwards, the OMA can register with Access Manager to receive push notifications.

  1. Tap the Sign In button.

    The login screen will appear.

  2. Select the service name for which you are configuring second factor authentication.

    This is the unique service name defined in Configuring the Oracle Mobile Authenticator for Android.

  3. Enter your user name and password and tap Submit.

    If authentication and registration is successful, you will be taken to the OTP screen for the newly added account. If login is successful but a OTP account with the same user name for the same service already exists, you will be asked to enter a different user name. Once the user name is unique you will be taken to the OTP screen. Note that the newly added account will have small globe icon on the top left corner signifying that this account is also configured for push notifications.

36.3.2.5 Configuring Oracle Mobile Authenticator for Offline OTP Generation on Android

The OMA can also be configured with a URL that contains the key used for generating a OTP. This allows for OTP generation when the mobile app is offline. This configuration URL contains the secret key so it should be delivered on a secure channel.

  1. Tap on the offline configuration URL.

    This will open the OMA. If there are no OTP accounts configured with the same service name defined by the URL, the account will be added and user will be taken to the OTP screen. If there are user name conflicts, the user will be prompted to enter a new, unique service name.

  2. Enter the displayed OTP in the corresponding login page to complete authentication.

36.3.3 Copying a One-Time Password from the Oracle Mobile Authenticator on Android

Use this procedure to copy a OTP from the OMA.

  1. Long press on the account from which you want to copy the OTP.

    Three icons are displayed in the top/ action bar.

  2. Tap the Copy icon on the left to copy the one-time password to the clipboard.
  3. Paste the one-time password in the corresponding login page to complete authentication.

36.3.4 Editing an Account on the Oracle Mobile Authenticator on Android

Use this procedure to edit an account on the OMA.

  1. Long press on the account you want to edit.

    Three icons are displayed in the top/ action bar.

  2. Tap the Edit icon in the middle to edit an account.

    A new screen in which you can edit the user name and secret key is displayed.

  3. Edit the name and/or key.
  4. Tap Save to complete the modification.

36.3.5 Deleting an Account on the Oracle Mobile Authenticator on Android

Use this procedure to delete an account on the OMA.

  1. Long press on the account you want to delete.

    Three icons are displayed in the top/ action bar.

  2. Tap the Delete icon on the right to delete an account.

    You will be prompted for confirmation.

  3. Tap Delete to confirm and delete.

36.3.6 Responding to Access Request (Push) Notifications on Android

The OMA can receive push notifications from Access Manager if the push notification option is selected when configuring two factor authentication. An administrator can use this procedure to respond to the notifications received on the mobile device.

  1. Tap the notification alert on the mobile device.

    The OMA app will come to the foreground and display notification details. This includes a user name, the resource being accessed, access time and IP address. A timer depicting how much time you have to respond to this notification is also displayed.

  2. Tap Allow or Deny to control access to the resource.

    OMA will send the resource to Access Manager and remove the notification information screen.

36.3.7 Displaying Access Request (Push) Notifications History on Android

You can see the notifications which were received by the OMA and the decision taken for that particular access request.

  1. Tap on menu in the action bar.
  2. Tap on the Notifications menu item.

    All the notifications that have been received by Oracle Mobile Authenticator will be shown.

  3. Tap on any of the notifications to see the details.

36.3.8 Displaying Service Account Details on Android

You can display the services with which the OMA has been configured. This corresponds to the unique service name defined in Configuring the Oracle Mobile Authenticator for Android.

  1. Tap on menu in the action bar.
  2. Tap the Configurations menu item.

    All the services that have been configured using this OMA will be displayed.

  3. Tap a specific configuration to display the details.

    A screen will be displayed that will show all the details of the selected configuration. You can select each configuration to see the details. You can delete a configuration by selecting the delete item from the menu items in the action bar.

36.3.9 Displaying Access Manager Registered Accounts on Android

You can see all the accounts that are added to the OMA and check the account type (OTP, notification or a combination of both). This corresponds to accounts configured using one of the procedures in Initializing the Oracle Mobile Authenticator on Android.

  1. Tap on the menu in the action bar.
  2. Tap the Accounts menu item.

    All the accounts that currently exist in the OMA will be displayed. You can long press on an account to edit or delete it.

36.3.10 Displaying the OMA Version on Android

You can display the version number of the OMA running on your mobile device.

  1. Tap the menu in the action bar.
  2. Tap the About menu item to display the OMA version.