Enable Multifactor Authentication (MFA)

Identity and access management for Fusion Applications will be upgraded to Oracle Cloud Infrastructure (OCI) Identity and Access Management, if the environment isn't already on OCI Identity and Access Management. If it isn't, your identity upgrade will be scheduled separately (not in the same month) after the 25C or 25D quarterly update. After the identity upgrade, you can use multifactor authentication (MFA) for signing in to Oracle Fusion Cloud Applications. There are six different authentication factors available for MFA. Security administrators can choose which of these six factors are available for users to set up MFA. Users can set up MFA with any of the available factors when they sign in to a non-federated single sign-on (SSO) environment.

  • One-Time PIN over Email
  • One-Time PIN over SMS
  • Passcode on Oracle Mobile Authenticator
  • Push-based notification from Oracle Mobile Authenticator
  • FIDO Passkey Authenticator
  • Bypass code

Optionally Determine the MFA Factors Available to Users

By default, all six factors are available to users. Security administrators can restrict the number of authentication options by managing user categories in the Security Console.

  1. On the User Categories page of Security Console, select a user category.
  2. Click Two-Factor Authentication.
  3. Click Edit.
  4. Select all the authentication options that you want for your users.
    One-Time PIN over Email, One-Time PIN over SMS, and Passcode on Oracle Mobile Authenticator are the default options.
  5. Click Save and Close.

Enable Secure Authentication
After the security administrator has configured the authentication options, users can enable secure authentication when they sign in.

  1. Sign in to the application using your application user ID and password.
  2. Click your user image or name in the global header, and on the Settings and Actions menu, select Set Preferences.
  3. On the General Preferences section, click Password.
  4. On the General Preferences: Reset Password page, click Manage Secure Verification.
    You’re directed to the Oracle Cloud Console.
  5. Click Enable Secure Verification.
  6. Select a method and complete the verification.
    • If you select Mobile App, you have two modes to choose from.
      • Follow the steps under Download and Configure the Mobile App to set up push-based Oracle Mobile Authenticator App.
      • Select Offline Mode or Use Another Authenticator App to set up offline Oracle Mobile Authenticator App. You can then enter the passcode.
    • If you select Email, a one-time passcode is sent to your email address. You can enter the passcode and verify your email address.
    • If you select FIDO Authenticator, you can click Setup and save a passkey from the available options.
  7. After you successfully enroll a factor, you can configure additional secure verification methods on the Security tab that opens. 

After you’ve set up MFA, you use it as a second factor of authentication for signing in. To make further changes to your MFA setup, you can use the Manage Secure Verification link on the General Preferences: Reset Password page.

Here are the business benefits of enabling MFA in your environment:

  • Enhanced security with multiple layers of authentication
  • Reduced risk of unauthorized access and data breaches
  • Facilitation of secure remote access for distributed teams

Steps to Enable

You don't have to do anything to enable this feature. 

Tips And Considerations

This feature is not applicable for end users logging in through Corporate Single Sign-On (SSO) credentials.

Access Requirements

To manage the MFA settings in Security Console, Administrators must be assigned a custom role based on the IT Security Manager role.