Managing Multifactor Authentication
Multifactor Authentication (MFA) is a method of authentication that requires the use of more than one factor to verify a user's identity to access an identity domain in IAM.
The tasks in this section are for an administrator that needs to set up MFA for an identity domain in IAM. If you're a user that needs to set up 2-step verification for yourself, see Setting Up Account Recovery and 2-Step Verification.
With MFA enabled in an identity domain, when a user signs in to an application, they're prompted for their username and password, which is the first factor – something that they know. The user is then required to provide a second type of verification. The two factors work together to add an additional layer of security by using either additional information or a second device to verify the user's identity and complete the sign in process.
MFA may include any two of the following:
-
Something that you know, such as a passcode.
-
Something that you have, such as a device.
-
Something that you are, such as a fingerprint.
Users are increasingly connected, accessing their accounts and applications from anywhere. As an administrator, when you add MFA on top of the traditional username and password, you reduce the likelihood of online identity theft and fraud, which secures your business applications even if an account password is compromised.
This section contains the following topics:
- Securing IAM MFA with Oracle Best Practices
- Using MFA in Restricted Realms
- Default MFA Security for Identity Domains My Profile and My Apps Pages
- Using Mobile Authenticator Apps with MFA
- Multifactor Authentication Authorization Flow
- Registering a Client Application
- Configuring Multifactor Authentication Settings
- Configuring Authentication Factors
Securing IAM MFA with Oracle Best Practices
If you're using MFA with identity domains in IAM, we recommend that you set up MFA using Oracle best practices. See IAM MFA in the Security guide.
Using MFA in Restricted Realms
Not all MFA providers operate exclusively within restricted realm boundaries. Therefore, before enabling MFA features, we recommend that you carefully evaluate the MFA providers you might want to use, to ensure they operate within the bounds of a restricted realm and that they meet your organization's security and compliance requirements.