11.1 Onboarding Users in OAA

Before end users can access and use the Self-Service Portal, they must be created in OAA.

Administrators have the following options to create users in OAA:
  • Auto-create users using the Self-Service Portal.
  • Use REST APIs to create users and their factors.
  • Use the OAAAuthnPlugin to migrate users from OAM.
The sections below outline the steps for each option.

Auto-create Users Using the Self-Service Portal

Administrators can configure OAA so that when an end user logs in to the Self-Service Portal for the first time, OAA creates the user automatically. Once logged in to the Self-Service Portal, the end user can create their authentication factors manually.

To configure OAA to create users automatically when accessing the Self-Service Portal:
  1. Set the property oaa.default.spui.pref.runtime.autoCreateUser=true using the <PolicyUrl>/policy/config/property/v1 REST API endpoint.

    Note:

    In this case, remove /oaa-policy from the <PolicyUrl>. For example, use https://<host>:<port>/policy/config/property/v1, not https://<host>:<port>/oaa-policy/policy/config/property/v1.

For details about finding the PolicyUrl and authenticating, see OAA Admin API.

For details about the Configuration Properties REST Endpoint, see Configuration Properties REST Endpoints.
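The step above as a shell sketch (an added example, not taken from the Oracle documentation). It derives the endpoint from a PolicyUrl with /oaa-policy removed, refuses non-HTTPS URLs, and keeps the administrator password out of the process list. The PUT method, the JSON body shape, Basic authentication, the OAA_ADMIN_USER and OAA_ADMIN_PASS variables and the host name are assumptions; confirm the request format in Configuration Properties REST Endpoints.

```shell
#!/bin/sh
# Added example; function names, env variables and host are hypothetical.
PROP='oaa.default.spui.pref.runtime.autoCreateUser'

# Build the config-property endpoint from a PolicyUrl, dropping the
# /oaa-policy suffix as the note above requires. Non-HTTPS URLs are
# rejected because the request carries administrator credentials.
config_property_url() {
    base=${1%/}                 # tolerate one trailing slash
    case $base in
        https://*) ;;
        *) echo "PolicyUrl must use https" >&2; return 1 ;;
    esac
    base=${base%/oaa-policy}    # https://host:port/oaa-policy -> https://host:port
    printf '%s/policy/config/property/v1\n' "$base"
}

# JSON request body (assumed shape: an array of name/value objects).
property_body() {
    printf '[{"name":"%s","value":"%s"}]\n' "$1" "$2"
}

# Send the update. Credentials are read from the environment and handed to
# curl as a config line on stdin (-K -), so they never appear in argv.
# A password containing '"' or '\' needs escaping before use here.
set_auto_create_user() {
    url=$(config_property_url "$1") || return 1
    printf 'user = "%s:%s"\n' "$OAA_ADMIN_USER" "$OAA_ADMIN_PASS" |
        curl --fail --silent --show-error -K - -X PUT \
             -H 'Content-Type: application/json' \
             --data "$(property_body "$PROP" true)" "$url"
}

# Usage: set_auto_create_user 'https://oaa.example.com:443/oaa-policy'
```

Because auto-creation provisions an OAA user for anyone who completes a first login to the portal, read the property back after the change and set it to false once the onboarding window closes if that behaviour is no longer wanted.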

Use REST APIs To Create Users and Their Factors

Administrators can create users and their factors using REST APIs. Once a user has been created via the REST APIs, they can log in to the Self-Service Portal and see all their authentication factors. Users can then manage their factors as they choose.

For more details, see Registering Users with Challenge Factors in OAA.

Use the OAAAuthnPlugin To Migrate Users From OAM

Administrators can use the OAAAuthnPlugin to migrate users and configured factors from Oracle Access Management (OAM). Once the OAAAuthnPlugin is configured, when a user accesses an OAM-protected application, that user is automatically migrated to OAA along with any configured factors, based on defined LDAP attributes.

Note:

Only Email, SMS, and Oracle Mobile Authenticator TOTP are supported for migration.

Once the user is migrated, the user can access the Self-Service Portal and view and manage their configured factors.

For details on how to configure the OAAAuthnPlugin, see Integrate Oracle Access Management with Oracle Advanced Authentication.