Configuring Oracle Advanced Authentication and Validating End User Flow on Oracle Cloud Marketplace
Introduction
This tutorial shows you how to configure Oracle Advanced Authentication (OAA) and Oracle Access Management (OAM) to protect a resource using the OAA MFA Policy on an Oracle Cloud Marketplace deployment.
An end user will then add factors in the Self-Service Portal. The end user will then access a protected OAM application and use MFA via OAA.
Prerequisites
You must have followed the tutorial Deploying Oracle Advanced Authentication on Oracle Cloud Marketplace.
Protecting the Application with OAM and OAA
In this section you protect an application (bank-emp.html) with OAM and MFA.
- Log in to the OAM Administration Console (https://login.example.com/oamconsole) using weblogic_iam/<COMMON_PASSWORD>.
- In the Application Security launch pad, under the Access Manager pane, click Application Domains.
- In the Search Application Domains pane click Search.
- Click IAM Suite and then Resources.
- Click Search and under the Search Results click Create.
- In the Create Resource screen enter the following details, and click Apply:
  - Type: HTTP
  - Host Identifier: IAMSuiteAgent
  - Resource URL: /bank-emp.html
  - Protection Level: Protected
  - Authentication Policy: OAA_MFA_Policy
  - Authorization Policy: Protected Resource Policy
  The rest of the properties can be left at their default values.
- Log out of the OAM Administration console.
Configure Factors in the Self-Service Portal
The following factors are available with the Oracle Cloud Marketplace deployment without any further Administrator configuration:
- Time-based One Time Passcode (TOTP) with a Mobile Authenticator
- FIDO2
- YubiKey
If you need to configure Security Questions, Email, or SMS factors, then the Administrator needs to perform additional administrative tasks before they can be added in the Self-Service Portal. See:
Before the end user (oaauser1 - oaauser5) can use MFA with any of the above factors, the end user must configure their factors in the Self-Service Portal.
- Start a browser and log in to the Self-Service Portal (https://login.example.com/oaa/rui) as an end user, for example oaauser1/<COMMON_PASSWORD>.
- To configure any of the above factors, follow the documentation and tutorials at Managing Factors in the Self-Service Portal.
  Note: Factor verification is configured for you by default in Marketplace, so if a tutorial prerequisite tells you to configure it, you can ignore that step.
- Once the factors are configured, log out of the Self-Service Portal.
Accessing the Protected Application
In this section you access the protected application, login to OAM, and then choose a second factor to authenticate with. If the authentication is successful, the protected page will be displayed.
- Access the protected application, https://login.example.com/bank-emp.html.
- You will be redirected to the OAM login page. Enter the username and password, for example oaauser1/<COMMON_PASSWORD>. Click Login:
- If authentication is successful, you will be redirected to the OAA challenge page to select a second factor to authenticate with. In the example below Oracle Mobile Authenticator Challenge is selected:
- The user is redirected to the TOTP screen:
- The user opens their Mobile Authenticator application to view the OTP code.
- The user enters the OTP in the TOTP screen and clicks Verify:
- If authentication of the second factor is successful, the bank-emp.html page is displayed:
- If you need to test other factors, click the Logout button, and then access https://login.example.com/bank-emp.html again.
Configuring Additional Factors
The following factors require additional Administrator configuration before an end user can add them in the Self-Service Portal:
Security Questions
To test the Security Questions factor, the administrator must enable Security Questions in the OAM-OAA-TAP Agent.
- Log in to the OAA Administration Console (https://login.example.com/oaa-admin/index.html) as oaa_admin/<COMMON_PASSWORD>.
- From the left-hand navigation menu, select Manage Integration Agents.
- In the Integration Agents page, click OAM-OAA-TAP.
- In the OAM-OAA-TAP page, click the OAM-OAA-TAP Assurance Level listed.
- Under Uses, click the Security Question Challenge checkbox.
- Click Save.
Email and SMS
If you need to test Email and/or SMS factors, then you must have an existing Oracle UMS Server to connect to, or you can create your own email and SMS messaging provider.
If you want to use an existing Oracle UMS Server, follow Configuring Oracle UMS Server for Email and SMS.
If you want to configure your own Email and SMS provider, see Customizing Email and SMS Messaging Provider.
Learn More
For more information on OAA, see Administering Oracle Advanced Authentication and Oracle Adaptive Risk Management.
Feedback
To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com.
For technical support, contact Oracle Support.
Acknowledgements
- Author - Russ Hodgson
G34452-01
Copyright ©2025, Oracle and/or its affiliates.