1. Securing Student Management
  2. Enable Multifactor Authentication

Enable Multifactor Authentication

With the identity management migration to the Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) identity domain, you can enable Multifactor Authentication (MFA) for signing in to Oracle Fusion Cloud Applications.

Enable Multifactor AuthenticationMFA provides an additional layer of security for verifying your identity and ensures a secure sign-in.

Oracle Fusion Cloud Applications leverages the MFA functionality available within the OCI Identity and Access Management (IAM) identity domain and supports six different factors. Security administrators can choose among these six factors and make them available for users to set up MFA. Users can set up MFA with the provisioned factors when they sign-in. MFA is supported only in non-federated single sign-on (SSO) environments. Here are the six factors:
  • One-Time PIN over Email
  • One-Time PIN over SMS
  • Passcode on Oracle Mobile Authenticator
  • Push-based notification from Oracle Mobile Authenticator
  • FIDO Passkey Authenticator
  • Bypass code

For the One-Time PIN over SMS factor, the work mobile is used as the phone number for authentication. User details such as phone number (work mobile) and email (work email) are stored in the product-specific user profile settings in Oracle Fusion Cloud Applications, and not on the OCI IAM identity domain.

To manage the MFA settings in Security Console, you must be assigned a custom role based on the IT Security Manager role.

Determine the Authentication Factors Available to Users

Security administrators can assess their authentication requirements and decide on the number of factors to be enabled.
  1. On the User Categories page of Security Console, select the user category that's associated with the target users.
  2. Click Two-Factor Authentication.
  3. Click Edit.
  4. Select all the authentication options that you want for your users

    One-Time PIN over Email, One-Time PIN over SMS, and Passcode on Oracle Mobile Authenticator are selected by default, but you can modify if required.

After you enable MFA, when users of that user category sign in to Oracle Fusion Cloud Applications, they’ll be redirected to the Oracle Cloud Console page and prompted to enable secure verification for themselves. See “Set up Multi-Factor Authentication”.