Configuring FIDO2 Challenge with Windows Hello in the Oracle Advanced Authentication Self-Service Portal

Introduction

OAA supports FIDO2 using:

• Windows Hello using a PIN, or with biometrics such as facial recognition and fingerprint.
• Mac Touch ID.
• Yubikey.

This tutorial shows you how to use the Self-Service Portal to configure the FIDO2 challenge factor using Windows Hello in Oracle Advanced Authentication (OAA) for the purposes of multi-factor authentication.

To learn how to configure FIDO2 with Yubikey, see Configuring FIDO2 Challenge with Yubikey in the Oracle Advanced Authentication Self-Service Portal.

To learn how to configure FIDO2 with Mac Touch ID, see Configuring FIDO2 Challenge with Mac Touch ID in the Oracle Advanced Authentication Self-Service Portal.

Objectives

In this tutorial you will perform the following tasks:

1. Configure the FIDO2 challenge factor using Windows Hello in the Self-Service Portal.

Prerequisites

Before starting this tutorial ensure you have met these requirements:

1. An Oracle Advanced Authentication deployment is available.
2. You have access to the Self-Service Portal and can login with your user credentials.
3. You have Windows Hello configured on your Microsoft Windows computer with facial recognition, fingerprint, or PIN configured. You must ensure you can log into Windows using the chosen method before attempting FIDO2 with OAA.

For the purposes of this tutorial facial recognition will be used. If you choose to use fingerprint, or PIN the steps are the same except you choose the relevant option when prompted.

Configure FIDO2 using Windows Hello in the Self-Service Portal

1. Access the Self-Service Portal. For example, https://oaa.example.com/oaa/rui.

2. Enter your user credentials. For example, testuser/<password>.

3. In the left navigation menu, select My Authenticators.

4. Select Add Authentication Factor and from the drop down menu select FIDO2 Challenge:

   

   Description of the illustration add_authenticator.jpg

5. In the Add FIDO2 Device screen enter a Friendly Name, for example, FIDO2-WH-FACE. Click Register:

Description of the illustration add_friendly.jpg

1. A Windows Security page will appear asking to save a passkey. As facial recognition is setup as the default Windows Hello login, it performs facial recognition:

   

   Description of the illustration face_scan.jpg

2. After the face scan has been successful, select OK to continue:

   

   Description of the illustration save_passkey.jpg

3. If successful you will see a Passkey Saved message. Click OK:

   

   Description of the illustration passkey_saved.jpg

4. If the authentication with the FIDO2 device is successful, the Self-Service Portal will show the factor has been added:

   

   Description of the illustration success.jpg

Learn More

• Configuring FIDO2 Challenge with Yubikey in the Oracle Advanced Authentication Self-Service Portal.
• Configuring FIDO2 Challenge with Mac Touch ID in the Oracle Advanced Authentication Self-Service Portal.
• To learn how to use factors when accessing an OAM protected application with MFA, see Integrate Oracle Access Management with Oracle Advanced Authentication.

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com

Acknowledgements

• Author - Russ Hodgson

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Configuring FIDO2 Challenge with Windows Hello in the Oracle Advanced Authentication Self-Service Portal

G11145-01

July 2024

Copyright ©2024,

Oracle and/or its affiliates.