1.4 Understanding Oracle Advanced Authentication

The following terms are used in OAA:

Integration Agent

In OAA, the clients that integrate with OAA are referred to as integration agents. The integration can be either REST-API-based, for example, Oracle RADIUS Agent (ORA), or browser-based through TAP, for example, Oracle Access Management (OAM).

Integration agents can be registered with OAA and managed through the Administration Console UI.

Assurance Level

Assurance Level indicates the level of assurance that the integration agent requires for a login. It is the key contract between the integration agent and OAA: it determines which rules are run for the user login flow. OAA evaluates the rules linked to that Assurance Level and, from their outcome, determines the Multi Factor Authentication (MFA) orchestration, that is, which factors the user is challenged with.

Assurance Levels can be defined to align closely with the NIST recommendations. However, this is not mandatory, and Assurance Levels can be given any reader-friendly name.

An integration agent can be assigned multiple Assurance Levels; however, an Assurance Level can be associated with only one integration agent. The following are some examples of Assurance Levels:

  • The RADIUS integration agent can define an Assurance Level named Radius_DB12_AL to indicate that the integration agent manages users from the DB12 client.
  • OAM Server can define an Assurance Level named OAM_AuthLevel6 to indicate that the resources are protected at auth-level 6 with OAM.
  • OAM Server can define an Assurance Level named PasswordLess1 to indicate that the resources are protected by a Passwordless scheme.

Challenge Factor

A Challenge Factor presents a challenge to the user and verifies if the user has correctly provided the expected input.

OAA supports the following factors out-of-the-box: E-Mail, SMS, Time-Based One Time Passcode (TOTP), FIDO2, Yubikey, Knowledge-Based Authentication (KBA), and Push notifications.

Rules

Each integration agent can have multiple Assurance Levels, and each Assurance Level can contain multiple rules. Each rule has its own outcome: the set of factors with which the user is to be challenged.

Rule: A rule is an expression that combines attributes of the user and the request, such as UserID and IP address, with conditions. At run time the actual attribute values are substituted into this expression and the rule outcome, a group of actions (the factors to challenge with), is calculated.

Conditions: Conditions are expressions that compare an attribute with an expected value using operators such as equals, not equals, in group, and so on, depending on the attribute's context.
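The following is an added example that models the hierarchy described in this section (integration agent, Assurance Level, rules, conditions, factor outcome) as a small evaluator. It is illustrative code written for this page, not Oracle's implementation or its Administration Console API: the class names, the operator names, the group directory, the sample agents and rules, and the policy of unioning the outcomes of all matching rules are assumptions made here. It does show the two constraints the text states: an Assurance Level can belong to only one integration agent, and a rule's outcome is the factor set the user is challenged with once run-time attribute values have been substituted.

```python
"""Illustrative model of the OAA concepts above (agent -> assurance level ->
rules -> conditions -> factor outcome). Added example, not Oracle's code or
API: class names, operators, group data and the merge policy are assumptions."""
import ipaddress
from dataclasses import dataclass, field

# Challenge factors the page lists as supported out-of-the-box.
FACTORS = {"EMAIL", "SMS", "TOTP", "FIDO2", "YUBIKEY", "KBA", "PUSH"}

# Constructed group directory backing the "in_group" operators (assumed data).
GROUPS = {"Admins": {"alice", "carol"}, "Contractors": {"bob"}}


def evaluate_condition(actual, operator, expected):
    """Compare one substituted attribute value against the rule's expected value."""
    if operator == "equals":
        return actual == expected
    if operator == "not_equals":
        return actual != expected
    if operator == "in_group":
        return actual in GROUPS.get(expected, set())
    if operator == "not_in_group":
        return actual not in GROUPS.get(expected, set())
    if operator in ("ip_in_cidr", "ip_not_in_cidr"):
        inside = ipaddress.ip_address(actual) in ipaddress.ip_network(expected)
        return inside if operator == "ip_in_cidr" else not inside
    raise ValueError(f"unknown operator {operator!r}")


@dataclass
class Rule:
    name: str
    conditions: list   # (attribute, operator, expected) tuples; all must hold (AND)
    outcome: set       # factors to challenge with when the rule matches

    def __post_init__(self):
        unknown = self.outcome - FACTORS
        if unknown:
            raise ValueError(f"rule {self.name}: unsupported factors {unknown}")

    def matches(self, context):
        # A missing attribute makes the condition fail closed instead of raising.
        return all(attr in context and evaluate_condition(context[attr], op, exp)
                   for attr, op, exp in self.conditions)


@dataclass
class AssuranceLevel:
    name: str
    default_outcome: set                      # used when no rule matches
    rules: list = field(default_factory=list)


class OAARegistry:
    """Agents own assurance levels; an assurance level belongs to exactly one agent."""

    def __init__(self):
        self.agents = {}     # agent name -> {AL name: AssuranceLevel}
        self.al_owner = {}   # AL name -> agent name (enforces the one-agent constraint)

    def register_agent(self, agent):
        self.agents.setdefault(agent, {})

    def add_assurance_level(self, agent, level):
        if agent not in self.agents:
            raise KeyError(f"agent {agent!r} is not registered")
        owner = self.al_owner.get(level.name)
        if owner is not None and owner != agent:
            raise ValueError(f"assurance level {level.name!r} already belongs to {owner!r}")
        self.al_owner[level.name] = agent
        self.agents[agent][level.name] = level

    def orchestrate(self, agent, level_name, context):
        """Substitute run-time attributes into every rule of the level and return
        the sorted factor set to challenge with. Assumed merge policy: outcomes of
        all matching rules are unioned; if nothing matches, the level default applies."""
        level = self.agents[agent][level_name]
        factors = set()
        for rule in level.rules:
            if rule.matches(context):
                factors |= rule.outcome
        return sorted(factors or level.default_outcome)


def build_demo_registry():
    """Constructed sample configuration mirroring the assurance-level examples above."""
    reg = OAARegistry()
    reg.register_agent("ORA")   # Oracle RADIUS Agent, REST-API-based integration
    reg.register_agent("OAM")   # Oracle Access Management, TAP-based integration
    reg.add_assurance_level("ORA", AssuranceLevel("Radius_DB12_AL", {"TOTP"}, [
        Rule("contractors_need_kba", [("userid", "in_group", "Contractors")], {"KBA", "TOTP"}),
    ]))
    reg.add_assurance_level("OAM", AssuranceLevel("OAM_AuthLevel6", {"EMAIL", "SMS"}, [
        Rule("admins_phishing_resistant", [("userid", "in_group", "Admins")], {"FIDO2", "YUBIKEY"}),
        Rule("off_network_totp", [("ip", "ip_not_in_cidr", "10.0.0.0/8")], {"TOTP"}),
    ]))
    reg.add_assurance_level("OAM", AssuranceLevel("PasswordLess1", {"PUSH"}, [
        Rule("everyone", [], {"PUSH", "FIDO2"}),   # empty condition list always matches
    ]))
    return reg


if __name__ == "__main__":
    reg = build_demo_registry()
    print(reg.orchestrate("OAM", "OAM_AuthLevel6", {"userid": "alice", "ip": "10.0.0.5"}))
    print(reg.orchestrate("OAM", "OAM_AuthLevel6", {"userid": "bob", "ip": "203.0.113.7"}))
```

Two design points worth noting for a real deployment: a condition on an attribute that is absent from the login context fails closed, so the user falls through to the level's default factors rather than to no challenge at all; and attempting to attach an Assurance Level name that another agent already owns is rejected, which is the constraint stated above.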