1. Administering Oracle Identity Cloud Service
  2. Configure Security Settings
  3. Manage Oracle Identity Cloud Service Multi-Factor Authentication Settings
  4. Configure Authentication Factors

Configure Authentication Factors

Oracle Identity Cloud Service offers a variety of Multi-Factor Authentication (MFA) factors that you can configure.

The following is a brief overview of the authentication factors available for use with 2-Step Verification.

  • Mobile App Passcode: Use an authenticator app, such as the Oracle Mobile Authenticator (OMA) app to generate an OTP. An OTP can be generated even when the user's device is offline. After the user enters their user name and password, a prompt appears for the passcode. The user obtains a generated passcode from the app, and then enters the code as the second verification method.

    Oracle Identity Cloud Service also works with any third-party authentication app that adheres to the TOTP: Time-Based One-Time Password Algorithm specification, such as the Google Authenticator.

  • Mobile App Notification: Send a push notification that contains an approval request to allow or deny a login attempt. Push notifications are an easy and quick way to authenticate. After the user enters their user name and password, a login request is sent to the app on their phone. The user taps Allow to authenticate.
  • Security Questions: Prompt the user to answer security questions to verify their identity. After the user enters their user name and password, they must answer a defined number of security questions as the second verification method.
  • Text Message (SMS) or Phone Call: Send a passcode as a text message (SMS) or as a phone call to the user. This method is useful for users without Internet connectivity. After the user enters their user name and password, Oracle Identity Cloud Service sends a passcode to their device for use as a second verification method.
  • Recovery Email: Send a one-time passcode in an email to the user's recovery email address. After the user selects Recovery Email as the authentication method, Oracle Identity Cloud Service sends a one-time passcode to the user’s recovery email address for use as a second verification method. The user’s Recovery Email address is defined in the user’s Oracle Identity Cloud Service account.
  • Email: Send a one-time passcode in an email to the user. After the user selects Email as the authentication method, Oracle Identity Cloud Service sends a one-time passcode to the user’s primary email address for use as a second verification method. The user’s primary email (Email) address is defined in the user’s Oracle Identity Cloud Service account.
  • Bypass Code: Use the Oracle Identity Cloud Service self-service console to generate bypass codes. The ability to generate a bypass code is available to the user after the user enrolls in 2-Step Verification. Users can generate bypass codes and save for use later. User-generated bypass codes never expire, but can only be used once. Users also have the option to contact an administrator to obtain a bypass code for access.
  • Duo Security: Enable Duo Security as an MFA Factor so that users use the Duo App or other Duo factors to authenticate. If Duo Security is enabled, users that have not enrolled are prompted to do so when a Sign-On policy triggers an MFA verification.
  • FIDO Authentication: Enable FIDO Authentication as an MFA Factor so that users use platform authentication, such as Windows Hello or Mac Touch ID, or cross platform authentication, using devices such as Yubikeys.