Using the On Demand MFA API to Develop Custom Sign-In Page

This use case provides a step-by-step example of using the Oracle Identity Cloud Service Authenticate API to authenticate users and perform multi-factor enrollment and authentication.

Note:

Use this Authenticate API only if you're building your own end-to-end login experience by developing a custom sign-in application to be used by Oracle Identity Cloud Service.

Note:

This Authenticate API can't be used to integrate your applications with Oracle Identity Cloud Service for single sign-on purposes.

The On Demand MFA API is based on the concept of a state machine. Each response tells the application client what has to be done next, rather than requiring users to have third-party cookies enabled in their browsers. Relying on third-party cookies can pose problems, especially for B2C applications where controls on end-user behavior can't be enforced. The requestState returned in each response is sent in the next request; it gives the client the information that it needs to process the request, and the response then provides the next set of operations allowed.
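The state-machine pattern described above, as an added example that is not Oracle's code: a client that always sends the most recent requestState and refuses any operation the last response did not offer, run against a constructed in-memory stub. Only `requestState` comes from this page; the `op`, `nextOp` and `status` fields, the operation names and the stub server are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed flow: the operations each step allows next (names are assumptions).
FLOW = {"start": ["enrollFactor"], "enrollFactor": ["verifyFactor"], "verifyFactor": []}

class StubServer:
    """Constructed stand-in: no session or cookie, the step travels in a sealed requestState."""
    def __init__(self):
        self._key = secrets.token_bytes(32)

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def handle(self, request):
        op = request["op"]
        if op != "start":
            body, _, tag = request.get("requestState", "").rpartition(".")
            if not hmac.compare_digest(tag, self._tag(body)):
                raise ValueError("requestState missing or tampered")
            if op not in FLOW[body.split(".")[0]]:
                raise ValueError(f"{op} not allowed at this step")
        body = f"{op}.{secrets.token_hex(8)}"
        return {"status": "pending" if FLOW[op] else "success",
                "nextOp": FLOW[op], "requestState": f"{body}.{self._tag(body)}"}

class FlowClient:
    """Carries the latest requestState forward and only sends offered operations."""
    def __init__(self, send):
        self._send = send
        self.request_state = None
        self.allowed = {"start"}

    def step(self, op, **fields):
        if op not in self.allowed:
            raise PermissionError(f"{op} was not offered by the last response")
        request = {"op": op, **fields}
        if self.request_state is not None:
            request["requestState"] = self.request_state
        response = self._send(request)
        # Replace, never reuse: each response's state is the input to the next request.
        self.request_state = response["requestState"]
        self.allowed = set(response["nextOp"])
        return response

def run_flow():
    client = FlowClient(StubServer().handle)
    return [client.step(op)["status"] for op in ("start", "enrollFactor", "verifyFactor")]
```

In a real sign-in application the `send` callable would be the HTTP call to the service, and the requestState would be treated as an opaque value that the client stores and returns unchanged.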

The On Demand MFA API can:
  • Support user enrollment with MFA factors enabled by the administrator.
  • Strengthen the security of password-based authentication using Multi-Factor Authentication (MFA) by requiring additional verification, such as using a time-based one-time passcode or an SMS passcode.
  • Perform MFA enrollment, MFA verification and User Authentication Factor management.

Note:

See the Oracle Identity Cloud Service Authentication API Postman collection for extensive authentication use case examples. Download the collection and the global variables file from the idcs-authn-api-rest-clients folder within GitHub and then import them into Postman.

The following example sets are included in this use case:

Factor Enrollment With Verification