11.7 Managing Factors in the Self-Service Portal

OAA provides users with a Self-Service Portal for managing factors.

Access the Self-Service Portal by launching a browser and going to https://<SpuiURL>. The user logs in to the console with their username (for example, testuser1) and the password set in the OAM OAuth identity store.

Note:

For details on finding the <SpuiURL>, see Printing Deployment Details.

On the My Authenticators page, for each of the factors registered, a corresponding challenge factor tile is displayed. For example, if the user is registered with Oracle Mobile Authenticator (OMA) and Email challenge factors, the corresponding tiles named Oracle Mobile Authenticator and Email Challenge are displayed.

On the factor tiles you can choose to Disable, Enable, or Delete a factor, or set your default authentication factor. To do this, click the ellipsis button on the factor tile and select one of the following options:
  • Disable: The factor is disabled and is not displayed during second-factor authentication.
  • Set As Default: The factor is set as the default challenge factor and is displayed automatically during second-factor authentication. A green dot appears on the default factor in the Self-Service Portal.
  • Delete: The factor is deleted.
  • Enable: If the factor is disabled, you can choose to enable it by selecting this option.

In addition to the registered factors, you can also add more factors for second-factor authentication. Click Add Authentication Factor and choose the required factor from the displayed list. Based on the factors registered for the user, the following factors can be displayed:

Factors and Values:

Oracle Mobile Authenticator

Friendly Name: Specify a name.

Key: A key is generated by OAA.

QR Code: Scan the QR code using the Oracle Mobile Authenticator, Google Authenticator, or Microsoft Authenticator application.

Note:

It is not possible to configure SafeID using Oracle Mobile Authenticator in the Self-Service Portal. SafeID configuration must be performed by an Administrator. See Configuring SafeID Challenge in Oracle Advanced Authentication.

Email Challenge

Friendly Name: Specify a name.

Email: Specify the required email.

FIDO2 Challenge

Friendly Name: Specify a name.

Click Register and then perform the required action for your FIDO2 device. For example, if you are using a YubiKey, touch your YubiKey; if you are using Windows Hello with a fingerprint, touch the fingerprint reader.

Note:

Depending on your FIDO2 implementation, you may be asked to set up a security passkey before performing the specific action for your FIDO2 device.

OMA Push Notification Challenge

Scan the QR code, or manually register your device. In the OMA application, enter the user ID and PIN displayed here.

Security Question Challenge

Question 1: Select a question to answer.

Answer 1: Provide an answer to the question.

Repeat for the remaining questions and answers.

SMS Challenge

Friendly Name: Specify a name.

Phone: Specify the phone number.

Yubico OTP Challenge

Friendly Name: Specify a name.

Public ID: Type the Public ID. It must be the same as the Public ID (or serial) specified while configuring the Yubico OTP for your YubiKey device.

Secret Key: Type the Secret Key. It must be the same as the Secret Key generated while configuring the Yubico OTP for your YubiKey device.

Private ID: Type the Private ID. It must be the same as the Private ID generated while configuring the Yubico OTP for your YubiKey device.