Enable Passwordless Authentication

Passwordless authentication lets users sign in without entering their user name and password every time.

The first time the user signs in, they enter their user name and password on the standard sign-in page. The next time, and on future occasions, the user is shown two pages when they sign in. On the first page, the user provides their user name, and then clicks Sign in. The OCI IAM identity domain evaluates the authentication factors (such as Email, Mobile App notification, or Mobile App passcode) that are available to use to sign in to Oracle Fusion Cloud Applications. The authentication factors appear on the second sign-in page. The user uses one of the authentication factors to access Oracle Fusion Cloud Applications.

Passwordless authentication is sometimes confused with Multifactor Authentication (MFA). Both MFA and passwordless authentication use a wide variety of authentication factors, but MFA is often used as an extra layer of security on top of regular password-based authentication. Passwordless authentication, by contrast, doesn't require a memorized secret and usually uses just one secure factor to authenticate identity, making it faster and simpler for users.

If you later choose to turn off passwordless authentication, then the user can authenticate to Oracle Fusion Cloud Applications at the sign-in page by providing their credentials (user name and password), or by using a SAML or identity provider.

To define passwordless authentication, you must be assigned the IT Security Manager role.

Prerequisite to Enable Passwordless Authentication

Before enabling passwordless authentication, make sure that every user has at least one MFA factor enabled.
Note: Once passwordless authentication is enabled, it applies to all users.

Configure Passwordless Authentication

If passwordless authentication is enabled, users can use their phone number or email as the user name on the sign-in page. Once it is enabled, when users sign in for the first time, only the user name is displayed on the sign-in page and there’s no option to enter a password. After entering the user name on the sign-in page, users are prompted with the MFA options that were configured by the administrator.

  1. In the Oracle Cloud console, expand the Navigation Drawer, select Settings, and then click Session Settings.
  2. In the Session Settings page, select Enable User Name First.
  3. Click Save.

User Sign-In Experience

After you have configured passwordless authentication for your users, their sign-in experience changes.
  1. The sign-in page has only a user name field. There isn't a password field.
  2. The user enters their user name, and they select Sign In.
  3. A second page appears where they enter the verification required by the authentication factor you have chosen, for example a passcode in an email.
  4. If there is more than one passwordless authentication factor, the user can select Show alternative login methods to choose a different one.