Multifactor Authentication (MFA)

If you’re creating a new environment family from 25D onwards, the environments are on Oracle Cloud Infrastructure (OCI) Identity and Access Management, and your users must enroll in multifactor authentication (MFA) for signing in to Oracle Fusion Cloud Applications. Users will be prompted to enroll in the available MFA options as soon as they try to sign in. The only exception is that users logging in through corporate Single Sign-On (SSO) credentials won't be prompted to enroll.

For existing environments, identity and access management for Fusion Applications will be upgraded to Oracle Cloud Infrastructure (OCI) Identity and Access Management if the environment isn't already on it. In that case, your identity upgrade will be scheduled separately (not in the same month) after this 25D quarterly update. After the identity upgrade, users can optionally set up MFA when they sign in to a non-federated single sign-on (SSO) environment.

Optionally Determine the MFA Factors Available to Users

For environments on OCI Identity and Access Management, security administrators can select which authentication options are available to users by managing user categories in the Security Console.

  1. On the User Categories page of Security Console, select a user category.
  2. Click Two-Factor Authentication.
  3. Click Edit.
  4. Select the authentication options that you want for your users. All are available to them by default.
    • One-Time PIN over Email
    • One-Time PIN over SMS
    • Passcode on Oracle Mobile Authenticator
    • Push-based notification from Oracle Mobile Authenticator
    • FIDO Passkey Authenticator
    • Bypass code
  5. Click Save and Close.

Enable Secure Authentication

Depending on the environment family, users either can or must enable secure authentication when they sign in. MFA enrollment is mandatory for users in new environment families, but optional for existing environment families.

  1. Sign in to the application using your application user ID and password. If mandatory MFA applies to you, skip to step 5.
  2. Click your user image or name in the global header, and on the Settings and Actions menu, select Set Preferences.
  3. In the General Preferences section, click Password.
  4. On the General Preferences: Reset Password page, click Manage Secure Verification.
    You’re directed to the Oracle Cloud Console.
  5. Click Enable Secure Verification.
  6. Select a method and complete the verification.
    • If you select Mobile App, you have two modes to choose from.
      • Follow the steps under Download and Configure the Mobile App to set up the push-based Oracle Mobile Authenticator app.
      • Select Offline Mode or Use Another Authenticator App to set up the offline Oracle Mobile Authenticator app. You can then enter the passcode.
    • If you select Email, a one-time passcode is sent to your email address. You can enter the passcode and verify your email address.
    • If you select FIDO Authenticator, you can click Setup and save a passkey from the available options.
  7. After you successfully enroll a factor, you can configure additional secure verification methods on the Security tab that opens. 

After you’ve set up MFA, you use it as a second factor of authentication for signing in. To make further changes to your MFA setup, you can use the Manage Secure Verification link on the General Preferences: Reset Password page.

Here are the business benefits of enabling MFA in your environment:

  • Enhanced security with multiple layers of authentication
  • Reduced risk of unauthorized access and data breaches
  • Facilitation of secure remote access for distributed teams

Steps to Enable

You don't need to do anything to enable this feature.

Tips And Considerations

This feature doesn't apply to end users logging in through corporate Single Sign-On (SSO) credentials.

Access Requirements

To manage the MFA settings in Security Console, administrators must be assigned a custom role based on the IT Security Manager role.