1. Administering Oracle Advanced Authentication and Oracle Adaptive Risk Management
  2. Transitioning from Oracle Adaptive Access Manager (OAAM) to Oracle Adaptive Risk Management (OARM) and Oracle Advanced Authentication (OAA)
  3. OAAM Features Not Supported or Changed in OARM and OAA

8 OAAM Features Not Supported or Changed in OARM and OAA

The following table lists the features from OAAM that are not supported in OARM and OAA:

Table 8-1 Features from OAAM that are not Supported in OARM and OAA

Features Resolution Additional Note
Challenge Policies Configure the challenge methods in OAA. All the data is preserved for existing challenge methods. End users do not have to re-register. OAA offers modern challenge methods like Passwordless authentication, FIDO2, Yubikey, and so on.
Authentication Pads Use modern strong authentication capabilities that are available in OAA. Authentication pads are used to mitigate capturing passwords, which can be achieved using Multi-Factor Authentication (MFA) and passwordless authentications in OAA.
OAAM Offline None OAAM offline is used to evaluate the effectiveness of policies. This can be better accomplished by creating policies online targeted at test users or no actions.
Customer Service Representative (CSR) / Case Management Use REST APIs to integrate with external Customer Care Services. Modern customer care CSR services provide vastly superior capabilities.
Investigation Management None None
SOAP API Use modern REST APIs in place of SOAP APIs Eliminates the need for client-side SDKs.
Support for Registration Flows Switch to modern User self-service-based registration OAA supports a modern User self-service-based registration through Self-Service Portal.
Linked Entities None None

Additional Changes in OARM and OAA

The following are some additional changes that you find after transitioning to OAA and OARM.

  • Browsing legacy OAAM policy is supported through OAAM Policy Explorer in the OAA Administration UI Console.
  • Built in support for Device Identification policies.
  • Out-of-the-box policies no longer include non-business critical policies (Authentication, mobile and social, pre-authentication, create transaction, update transaction, and so on).
  • Business Transactions use cases can be accomplished using Custom User Activity flows.
  • OAM integration use cases continue to work with OAA and OARM replacing OAAM.
  • Policies associated with Post Auth Policy checkpoint in OAAM will be associated with User Authentication Activity.
  • End-user's email, SMS and KBA questions are picked up by OAA. No changes are required.
  • Factor registration is supported by OAA.
  • Policies/CheckPoints: No migration required for any custom policies that administrators have authored in OAAM.