Managing Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a method of authentication that requires the use of more than one factor to verify a user’s identity.

Note

The tasks in this section are for an administrator who needs to set up MFA for an identity domain. If you're a user who needs to set up 2-step verification for yourself, see Setting Up Account Recovery and 2-Step Verification.

With MFA enabled in an identity domain, when a user signs in to an application, they’re prompted for their user name and password, which is the first factor: something that they know. The user is then required to provide a second type of verification. The two factors work together to add a layer of security by using either additional information or a second device to verify the user’s identity and complete the login process.

MFA may include any two of the following:

  • Something that you know, like a passcode.

  • Something that you have, like a device.

  • Something that you are, like your fingerprint.

Users are increasingly connected, accessing their accounts and applications from anywhere. As an administrator, when you add MFA on top of the traditional user name and password, you reduce the likelihood of online identity theft and fraud, and your business applications stay secured even if an account password is compromised.

Securing IAM MFA with Oracle Best Practices

If you're using MFA with identity domains, we recommend that you set up MFA using Oracle best practices. See IAM MFA in the Security guide.

Using MFA in Restricted Realms

Not all MFA providers operate exclusively within restricted realm boundaries. Therefore, before enabling MFA features, we recommend that you carefully evaluate the MFA providers you may want to use, to ensure they operate within the bounds of a restricted realm and that they meet your organization’s security and compliance requirements.