1.2 Features of Oracle Advanced Authentication (OAA)
Oracle Advanced Authentication (OAA) offers unique features that facilitate deployment, configuration, and integration with other products.
The following are the features of OAA:
- Runs as a standalone micro-service on a Kubernetes platform and is deployed using Helm charts.
- Supports integration with the following clients to enable Multi-factor Authentication (MFA):
  - Clients providing web-based user login flows, such as Oracle Access Management (OAM). OAA integrates with OAM through Trusted Authentication Protocol (TAP).
  - Clients providing API-based user login flows, such as Oracle RADIUS Agent (ORA). OAA integrates with ORA through REST APIs. This type of integration enables clients to manage their own user-flow orchestration.
- Provides the OAAAuthnPlugin for integrating with OAM. The plug-in also enables migration of user data from the identity store on OAM to OAA.
- Provides web UI (OAA Administration console) for administrators to create and manage client registrations, assurance levels and rules. Administrators can also achieve all the administration tasks using REST APIs.
- Provides web UI (Self-Service Portal) for end-users to manage and register their challenge-factors. User self-registration and management can also be performed using REST APIs.
- Web UIs are secured by OAM OAuth and OpenID Connect (OIDC).
- Provides the following challenge-factors out-of-the-box:
  - TOTP (Time-based One Time Passcode) with Oracle Mobile Authenticator (OMA), Google Authenticator, Microsoft Authenticator, and SafeID/Classic.
  - OTP (One Time Passcode) with email and SMS.
  - Yubikey OTP.
  - FIDO2 - Biometric support using Windows Hello and Mac Touch ID. Support for Yubikey.
  - Knowledge-Based Authentication (KBA).
  - Push Notifications with Oracle Mobile Authenticator.