Configuring Knowledge Based Authentication


This tutorial shows you how to configure Knowledge Based Authentication with Oracle Advanced Authentication (OAA) for the purposes of multi-factor authentication. In this tutorial a user will access an application protected via an Oracle WebGate and Oracle Access Management (OAM). Once authenticated in OAM the user is challenged to authenticate with a Security Question as a second factor.


In this tutorial you will perform the following tasks:

  1. Configure Security Questions for the OAM Integration Agent.
  2. Configure Security Questions in User Preferences.
  3. Access a Protected Application using a Security Question.


Before starting this tutorial you must have followed the tutorial Integrate Oracle Access Management with Oracle Advanced Authentication

Configure Security Questions for the OAM Integration Agent

In this section you configure the OAM Integration Agent in OAA to use Security Questions.

  1. Log in to the OAA Administration console with you administrator credentials. For example,

  2. From the left hand navigation menu select Manage Integration Agents.

  3. Click the OAM Integration Agent. For example, OAM-MFAPartner.

  4. In the Assurance Levels tab click the Assurance Level. For example, OAM MFA-Level.

  5. Under Use the Factor(s) select Security Question Challenge.

  6. Click Save.

    Description of the illustration security_question_challenge.jpg

Configure Security Questions in User Preferences

In this section the end user configures Security Questions in their User Preferences.

  1. Access the OAA User Preferences console. For example,

  2. Log in as the end user. For example, testuser/<password>.

  3. Select Add Authentication Factor and from the drop down menu select Security Question Challenge.

  4. In the Security Question screen select three questions to answer. Once you have entered the answers to the questions click Register:

    For example:

    Description of the illustration configure_security_question.jpg

Access a Protected Application using Security Questions

In this section you access a protected application, login to OAM and test that second factor authentication works with Security Questions.

  1. Launch a browser and access the protected application. For example, As this application is protected you should be redirected to the OAM login page. Log in as the end user for whom Security Questions are configured. For example, testuser/<password>.

  2. If the login is successful you will be redirected to the Security Question page.

    Description of the illustration security_question.jpg

  3. Enter the answer. Click Verify.

  4. If the authentication is successful you should be redirected to the protected application page. For example, /mybank.

    Description of the illustration mybank.jpg

Learn More

More Learning Resources

Explore other labs on or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.