Configuring YubiKey with Oracle Advanced Authentication


This tutorial shows you how to configure Yubikey with Oracle Advanced Authentication (OAA) for the purposes of multi-factor authentication. In this tutorial a user will access an application protected via an Oracle WebGate and Oracle Access Management (OAM). Once authenticated in OAM the user is challenged to authenticate with Yuibkey as a second factor.


In this tutorial you will perform the following tasks:

  1. Configure Yubikey Manager.
  2. Configure YubiKey for the OAM Integration Agent.
  3. Configure Yubikey in User Preferences.
  4. Access a Protected Application using Yubikey.


Before starting this tutorial you must have:

Configure Yubikey Manager

In this section you configure your YubiKey in YubiKey Manager.

  1. Download and install YubiKey Manager.

  2. Start YubiKey Manager.

  3. Insert the YubiKey into your device.

  4. Select Applications then OTP.

  5. In Long Touch Slot select Configure.

  6. In Select Credential Type select Yubico OTP.

  7. In the Yubico OTP screen:

    • Select the Use serial check box.
    • For Private ID select Generate.
    • For Secret Key select Generate.

    Note: It is important to make note of the values for Public ID, Private ID, and Secret key now. Once you click Finish you will not be able to retrieve these values again.

    Description of the illustration yubikey_manager.jpg

Configure YubiKey for the OAM Integration Agent

In this section you configure the OAM Integration Agent in OAA to use YubiKey.

  1. Log in to the OAA Administration console with you administrator credentials. For example,

  2. From the left hand navigation menu select Manage Integration Agents.

  3. Click the OAM Integration Agent. For example, OAM-MFAPartner.

  4. In the Assurance Levels tab click the Assurance Level. For example, OAM MFA-Level.

  5. Under Use the Factor(s) select Yubico OTP Challenge.

  6. Click Save.

    Description of the illustration yubikey_factor.jpg

Configure Yubikey in User Preferences

In this section the end user configures YubiKey in their User Preferences.

  1. Access the OAA User Preferences console. For example,

  2. Log in as the end user. For example, testuser/<password>.

  3. Select Add Authentication Factor and from the drop down menu select YubiKey OTP Challenge.

  4. In the Add YubiKey screen enter the following and click Save:

    Friendly Name: My YubiKey Public ID: <Public ID> Secret Key: <Secret Key> Private ID: <Private ID>

    Note: The values above should match the values generated in the Yubico OTP screen in Configure Yubikey Manager.

    For example:

    Description of the illustration add_yubikey.jpg

Access a Protected Application using Yubikey

In this section you access a protected application, login to OAM and test that second factor authentication works with YubiKey.

  1. Launch a browser and access the protected application. For example, As this application is protected you should be redirected to the OAM login page. Log in as the end user for whom Yubikey is configured. For example, testuser/<password>.

  2. If the login is successful you will be redirected to the OAA challenge choice page. Click Enter OTP from device My YubiKey.

    Description of the illustration select_yubikey.jpg

  3. You will be directed to the YubiKey screen. Click inside the OTP box and then touch (long touch) the YubiKey in your USB port. The OTP should populate. Click Verify.

    Description of the illustration verify_yubikey.jpg

  4. If the authentication is successful you should be redirected to the protected application page. For example, /mybank.

    Description of the illustration mybank.jpg

Learn More

More Learning Resources

Explore other labs on or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.