37 Configuring TOTP-based Multi Factor Authentication in OAM

This section provides details for configuring TOTP-based Multi Factor Authentication (MFA) in OAM.

Note: This content applies only to OAM Bundle Patch 12.2.1.4.210920 and later releases.

Perform the following steps to configure TOTP-based MFA in OAM:
  1. Configure MFA using the configureMFA command with config-utility.jar. For example:
    $JAVA_HOME/bin/java -cp $ORACLE_HOME/oam/server/tools/config-utility/config-utility.jar -Doracle.net.tns_admin=/u01/IDMTOP/config/domains/IDMDomain/config/jdbc oracle.security.am.migrate.main.ConfigCommand $DOMAIN_HOME configureMFA $DOMAIN_HOME/propertyfile
    The propertyfile must include the following properties:
    oam.entityStore.schemaUser=<schemaUser>
    oam.entityStore.ConnectString=jdbc:oracle:thin:@//<connection string>
    oam.entityStore.schemaPassword=<Password>
    oam.user.store="<identityStoreName>"
    oam.user.role="<RequiredRolename>"

    Note:

    • oam.user.store is optional. If this is not specified, the default Identity Store is used.
    • oam.user.role must be specified with the correct role name of the Administrator.
  2. Set the Post-Authentication Rule
    1. Log in to the Oracle Access Management Console as Administrator.
    2. In the Oracle Access Management Console, click Application Security at the top of the window.
    3. In the Application Security console, click Application Domains.
    4. Search for and select the required Application Domain.
    5. In the Application Domain window, click the Authentication Policies tab, then search for and select the required Authentication Policy.
    6. In the Authentication Policy window, click the Advanced Rules tab.
    7. Under Post Authentication, click the plus sign (+) to add a new rule.
    8. Specify the following details in the Add Rule window:
      1. Rule Name: Specify a name for the rule.
      2. Condition: Add config.configMap['MFAEnabled'] == 'true' in this field.
      3. If condition is true, Switch Authentication Scheme to: Select AdaptiveAuthenticationScheme from the dropdown.
      4. Click Add to apply this rule.
    9. Click Apply to save this updated authentication policy.
  3. Enable MFA using the following REST API:
    https://<ManagedServerHost>:<ManagedServerPort>/oam/services/rest/access/api/v1/control/feature?state=enable&componentName=mfa

    For more information, see REST API to Enable MFA in Oracle Access Manager.
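A pre-flight check for step 1, added here as an example and not part of Oracle's config-utility: it validates the propertyfile against the property list above (oam.user.store optional, the other four required), refuses a file that other users can read because it carries the schema password, and only then runs the configureMFA command. TNS_ADMIN_DIR, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added pre-flight check for the configureMFA propertyfile (not part of Oracle's
# config-utility). It verifies the properties the page lists before the java
# command runs, and refuses a propertyfile that other users can read, since it
# carries the schema password. Paths and variable names are assumptions.

# Print the value of property $2 from file $1 (surrounding quotes stripped), or nothing.
prop_value() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots so sed matches literally
    sed -n "s/^$pat=//p" "$1" | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Return 0 if $1 is a usable propertyfile, 1 otherwise; diagnostics go to stderr.
check_propertyfile() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "no such propertyfile: $f" >&2; return 1; }
    for key in oam.entityStore.schemaUser oam.entityStore.ConnectString \
               oam.entityStore.schemaPassword oam.user.role; do
        [ -n "$(prop_value "$f" "$key")" ] ||
            { echo "missing required property: $key" >&2; rc=1; }
    done
    # The connect string must be a thin-driver URL in the //host:port/service form.
    case "$(prop_value "$f" oam.entityStore.ConnectString)" in
        jdbc:oracle:thin:@//*) ;;
        *) echo "oam.entityStore.ConnectString must start with jdbc:oracle:thin:@//" >&2
           rc=1 ;;
    esac
    # oam.user.store is optional: report which store will be used when it is absent.
    [ -n "$(prop_value "$f" oam.user.store)" ] ||
        echo "oam.user.store not set, the default Identity Store will be used" >&2
    # Group/other permission bits (columns 5-10 of ls -l) must all be '-'.
    case "$(ls -ld "$f" | cut -c5-10)" in
        ------) ;;
        *) echo "propertyfile $f is readable by other users; chmod 600 it" >&2; rc=1 ;;
    esac
    return $rc
}

# Run the page's configureMFA command only when the propertyfile passes the check.
# $1=DOMAIN_HOME $2=propertyfile; JAVA_HOME, ORACLE_HOME and TNS_ADMIN_DIR are assumed set.
configure_mfa() {
    check_propertyfile "$2" || return 1
    "$JAVA_HOME/bin/java" -cp "$ORACLE_HOME/oam/server/tools/config-utility/config-utility.jar" \
        -Doracle.net.tns_admin="$TNS_ADMIN_DIR" \
        oracle.security.am.migrate.main.ConfigCommand "$1" configureMFA "$2"
}
# Usage: configure_mfa "$DOMAIN_HOME" "$DOMAIN_HOME/propertyfile"
```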

See also Configuring the Oracle Mobile Authenticator.