34 Manage Passwordless Authentication

Learn how to configure Passwordless Authentication for users.

Typical Workflow for Passwordless Authentication

Learn how to configure passwordless authentication to allow users to authenticate their sign-on with an identity provider.

| Task | Description | Additional Information |
| --- | --- | --- |
| Understand Passwordless Authentication. | You can learn about passwordless authentication and how it can be used with email and mobile authentication. | Understand Passwordless Authentication. |
| Configure Passwordless Authentication for User Accounts. | You can learn how to configure passwordless authentication and the identity providers available for you to use. | Configure Passwordless Authentication for User Accounts. |

Understand Passwordless Authentication

Passwordless authentication allows you to bypass the standard web-form-based authentication presented to users when using email or a mobile device.

Prerequisite

Enable Password Authentication. Oracle must enable this feature for you. To learn about the features that Oracle must enable for you and how to enable them, see Service Request Features for Oracle Identity Cloud Service.

The first login is through the standard login form: when users access the protected resource for the first time, they are redirected to the standard login form. After a successful login, you can enable passwordless notification-based authentication.

The next time (and every time after that) the user accesses the protected page and is required to log in, a message is displayed (instead of the standard login page) stating that a push notification has been sent to the user's mobile device.

Note:

In order to use passwordless authentication, users must configure their profiles to use the authentication policy that you have configured.

Configure Passwordless Authentication for User Accounts

You can configure passwordless authentication to allow users to authenticate by email or mobile device.

To configure passwordless authentication:
  1. In the Oracle Identity Cloud Service console, expand the Navigation Drawer, select Settings, and then click Session Settings.
  2. In the Session Settings page, select Enable User Name First.
  3. Click Save.
  4. From the Navigation Drawer, select Security, MFA.
  5. In the Select the factors that you want to enable section, select the factor or factors you want to use. For example, select one or both of Email and Mobile App Passcode.

    You can use one or both of these factors with passwordless authentication. See Learn About Using Mobile Authenticator Apps with MFA.

  6. Click Save, and then OK in the Confirmation dialog box.
  7. From the Navigation Drawer, select Security, IDP Policies.
  8. In the Identity Provider Policies page, click the identity provider policy that you want to modify.

    The policy opens and displays three tabs: Details, Identity Provider Rules, and Apps. See View Details About an Identity Provider Policy for more information about these tabs.

  9. Click the Identity Provider Rules tab.
  10. Click the Action menu for the rule you want to modify and select Edit.
  11. In the Edit... dialog box, click in the Assign Identity Providers box and select the identity provider, such as Mobile App Passcode or Mobile App Notification, that you want to assign to this rule.

    Note:

    If MFA factors, such as Mobile App Passcode or Mobile App Notification, were enabled before passwordless authentication was enabled, then you have to disable the MFA factors and save, and then enable the MFA factors again and save. Otherwise, the factors won't show up in Assign Identity Providers.

    Repeat this step to assign additional Identity Providers.
  12. Click Save.

Passwordless authentication is now configured.

Users must configure their profiles to use the authentication policy that you have configured. On the user login page, they need to click Show alternative login methods.