Configure Mobile OTP and Notifications

Configure policy for the time-based one-time passcode (OTP), and protection and compliance policies for the Oracle Mobile Authenticator (OMA) app.

  1. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click Security, and then click Factors. The Mobile App tab appears.
  2. In the Passcode Policy section, make changes to these settings, if necessary.

    The default values are the industry-recommended settings:

    • The value in the New Passcode Generation box indicates the number of seconds before a new passcode must be generated.

      To avoid clock skew, which is the time difference between the server and the device, the user must make sure that their device clock is synchronized. The maximum allowed time difference between the server and the device is 90 seconds.

    • The value in the Secret Key Refreshed box indicates the number of days before you want to refresh the shared secret.

      Each time that a user enrolls a mobile device, a secret key is pushed and securely stored on the device via the scanned Quick Response (QR) code or when the user enters the key manually. This key is the input to the OTP algorithm that is used to generate the OTP. The key is refreshed silently, so no user action is required.

  3. In the Notification Policy section, select Enable pull notifications to allow the OMA App to pull pending notification requests from the server.

    Pull notifications are updates that are delivered to a mobile device or computer when a user manually checks for login request notifications. You can enable this option only if you have enabled the Mobile App Notification factor on the Multi-Factor Authentication (MFA) Settings page.

    Pull notifications are useful in scenarios where the GCM service (Android), APNS Service (iPhone), or WMS service (Windows) doesn’t work. For example, China blocks the GCM service, so users don’t receive notifications that are pushed to their device. However, if pull notifications are available, the user can manually pull notifications from a server using the OMA app. Also, offering pull notifications is useful in situations where push notifications are not 100% reliable.

  4. In the lower section of the page, configure App Protection Policy and Compliance Policy for the OMA app.

    Compliance policy checks are performed each time that the OMA app launches.
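
The following added example (not Oracle's code) shows how the passcode interval and the 90-second clock-skew allowance from step 2 interact when a server checks a time-based OTP. It assumes standard RFC 6238 TOTP with HMAC-SHA1 and a 30-second interval, which this page does not state; the function names and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Passcode for the time step containing `now`.
    `step` plays the role of the New Passcode Generation value (assumed 30 s)."""
    return hotp(secret, int(now) // step, digits)

def verify(secret: bytes, candidate: str, server_now: float,
           step: int = 30, max_skew: int = 90, digits: int = 6):
    """Return the matched offset in time steps (0 = clocks agree), or None.

    Every time step that overlaps [server_now - max_skew, server_now + max_skew]
    is accepted; 90 s is the maximum skew quoted on this page. All steps are
    checked with a constant-time comparison, with no early exit on a match.
    """
    now = int(server_now)
    current = now // step
    first, last = (now - max_skew) // step, (now + max_skew) // step
    matched = None
    for counter in range(first, last + 1):
        expected = hotp(secret, counter, digits).encode()
        ok = hmac.compare_digest(expected, candidate.encode())
        if ok and (matched is None or abs(counter - current) < abs(matched)):
            matched = counter - current
    return matched

if __name__ == "__main__":
    key = b"12345678901234567890"       # constructed sample key (RFC 6238 test key)
    server = 1111111109                 # constructed server time
    for lag in (0, 80, 200):            # seconds the device clock runs behind
        code = totp(key, server - lag)
        print(f"device {lag:>3}s behind -> code {code} ->", verify(key, code, server))
```

With these values seven passcodes are valid at any instant, so a verifier should also reject a passcode it has already accepted.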