Configuring Mobile Authenticator TOTP with Oracle Advanced Authentication

Introduction

This tutorial shows you how to configure TOTP (Time-based One-Time Password) for use with a Mobile Authenticator and Oracle Advanced Authentication (OAA). In this tutorial a user accesses an application protected by an Oracle WebGate and Oracle Access Management (OAM). Once authenticated in OAM, the user is challenged to authenticate with the code displayed in the Mobile Authenticator.

For the purposes of this tutorial, Oracle Mobile Authenticator (OMA) is used as the Mobile Authenticator. Google Authenticator or Microsoft Authenticator can also be used.

Objective

In this tutorial you will perform the following tasks:

  1. Configure TOTP for the Mobile Authenticator.
  2. Access a Protected Application using the Mobile Authenticator.

Prerequisites

  1. Before starting this tutorial you must have followed the tutorial Integrate Oracle Access Management with Oracle Advanced Authentication.

  2. Install the Mobile Authenticator application of your choice on the mobile device. You can download the Mobile Authenticator for Android, iOS, and Microsoft from the Google Play Store, Apple App Store, and Microsoft Store respectively.

Configure TOTP

  1. Access the OAA User Preferences console. For example, https://oaa.example.com/oaa/rui/.

  2. Log in as the end user. For example, testuser/<password>.

  3. Select Add Authentication Factor, and from the drop down menu select Oracle Mobile Authenticator.

    Note: Select Oracle Mobile Authenticator even if you are using Google Authenticator or Microsoft Authenticator.

  4. In the Setup Mobile Authenticator screen, enter a value in the Friendly Name field.

    A Key and a QR code are displayed:

    Description of the illustration configure_authenticator.jpg

    Note: The Key and QR code are both displayed because the OAA configuration properties bharosa.uio.default.challenge.type.enum.ChallengeOMATOTP.registration.showQrcode and bharosa.uio.default.challenge.type.enum.ChallengeOMATOTP.registration.showSecretKeyText are set to true by default. To prevent either the Key or the QR code from being displayed, set the corresponding property to false. For further details on how to set configuration properties, see Configuration Properties for OAA.

  5. On your mobile device start the Mobile Authenticator and add an Account. Either scan the QR code or enter the key manually:

    QR code example:

    Description of the illustration qrcode.jpg

    Key example:

    Description of the illustration key.jpg

    The new account will be displayed in the Authenticator application:

    Description of the illustration accounts.jpg

  6. In the Setup Mobile Authenticator screen, click Save.

    Description of the illustration save.jpg

    The User Preferences UI will show the factor has been added:

    Description of the illustration success.jpg

Access a Protected Application using Mobile Authenticator TOTP

In this section you access a protected application, log in to OAM, and test that second-factor authentication works with the Mobile Authenticator.

  1. Launch a browser and access the protected application. For example, http://oam.example.com:7777/mybank.

    As this application is protected, you should be redirected to the OAM login page. Log in as the end user for whom the Mobile Authenticator factor is configured. For example, testuser/<password>.

  2. If the login is successful you will be redirected to the Mobile Authenticator verification page. Enter the verification code displayed in the Mobile Authenticator application. Click Verify.

    Description of the illustration oma_verify.jpg

  3. If the authentication is successful you should be redirected to the protected application page. For example, /mybank.

    Description of the illustration mybank.jpg
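The following is an added example, not part of this tutorial and not OAA product code, showing what the Key and QR code from the Configure TOTP section carry and what the Verify step above checks. It implements the TOTP algorithm (RFC 6238) that authenticator apps run and a server-side verifier that accepts one 30-second step of clock drift on either side. It assumes the common TOTP defaults (HMAC-SHA1, 30-second time step, 6 digits), which this tutorial does not state for OAA; the sample key is constructed (it is the RFC 6238 test secret in base32) and is not a key issued by OAA, and the otpauth URI follows the Key URI format read by Google Authenticator, which may differ from what OAA encodes in its QR code.

```python
"""TOTP (RFC 6238) as run by authenticator apps, plus server-side verification.

Added illustration; assumes HMAC-SHA1, a 30 s step and 6 digits (the usual
authenticator-app defaults). The sample key below is constructed: it is the
RFC 6238 test secret "12345678901234567890" encoded in base32, not an OAA key.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# Constructed sample key (RFC 6238 test secret). A real key is the one shown in
# the OAA Setup Mobile Authenticator screen and must never be shared or logged.
SAMPLE_KEY_BASE32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_key(key_base32: str) -> bytes:
    """Decode the base32 key as displayed to the user; tolerate spaces, lowercase
    and stripped '=' padding, which is how the key is usually typed by hand."""
    cleaned = key_base32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(key_base32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the TOTP code for the time step containing unix_time.

    counter = floor(time / step); code = dynamic truncation of
    HMAC-SHA1(key, counter) reduced modulo 10^digits, zero-padded.
    """
    counter = unix_time // step
    msg = struct.pack(">Q", counter)                     # 8-byte big-endian counter
    mac = hmac.new(decode_key(key_base32), msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(key_base32: str, submitted: str, unix_time: int,
                window: int = 1, step: int = 30) -> bool:
    """Server-side check of a submitted code.

    Accepts the code for the current step and for `window` steps on either
    side, so a phone whose clock is slightly off still verifies. Uses a
    constant-time comparison so the check does not leak how many digits match.
    """
    for drift in range(-window, window + 1):
        expected = totp(key_base32, unix_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def provisioning_uri(issuer: str, account: str, key_base32: str) -> str:
    """Build the otpauth:// URI that an authenticator app reads from a QR code
    (Google Authenticator Key URI format). Whether OAA encodes exactly these
    parameters is an assumption; the tutorial does not show the QR contents."""
    label = quote(f"{issuer}:{account}", safe="")
    return (f"otpauth://totp/{label}?secret={key_base32}"
            f"&issuer={quote(issuer, safe='')}&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    now = int(time.time())
    print("code for the current 30 s step:", totp(SAMPLE_KEY_BASE32, now))
    print("QR code payload:", provisioning_uri("OAA", "testuser", SAMPLE_KEY_BASE32))
```

The drift window is the reason a code that has just rolled over on the phone is usually still accepted; widening it beyond one step makes a captured code usable for longer, so it should stay small. Because the key decoded by `decode_key` is all the phone holds, the QR code and Key text shown during setup are as sensitive as a password, which is why the tutorial notes how to suppress their display.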

Learn More

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.