System Architecture and Components
Oracle Universal Authenticator (OUA) contains the following components.
Oracle Universal Authenticator Client Application
The Oracle Universal Authenticator client application allows end users to log in to their device using their Oracle Access Management (OAM) credentials with step-up Multi-Factor Authentication (MFA), or alternatively using passwordless login.
Oracle Access Management
Oracle Access Management is used by Oracle Universal Authenticator as the identity provider (IDP) for device logins.
Oracle Advanced Authentication
Oracle Advanced Authentication provides multi-factor authentication and passwordless login for devices.
Device Runtime Support Service
The Device Runtime Support Service (DRSS) is installed as a microservice during the deployment of Oracle Advanced Authentication (OAA). It runs as a pod in the Kubernetes cluster alongside other OAA pods.
DRSS is responsible for accepting connections from the Oracle Universal Authenticator client application, validating the user’s Oracle Access Management credentials, logging the user into Oracle Access Management, and performing multi-factor authentication with OAA.
Oracle Adaptive Risk Management
Oracle Adaptive Risk Management (OARM) is installed as part of the Oracle Advanced Authentication (OAA) deployment. It aggregates risk data associated with users and user activities, analyzes and evaluates business risks posed by users and their activities, and provides advice to be acted on to mitigate them.
Microsoft Entra ID Domain
For Microsoft Windows devices, Oracle Universal Authenticator (OUA) requires the device to be joined to a Microsoft Entra Domain Services managed domain. When a user logs in to Microsoft Windows using the OUA client application and their Oracle Access Management credentials, the user is automatically logged in to the domain.
Single Sign-On Browser Extension
The Single Sign-On (SSO) Browser Extension allows Microsoft Windows users authenticated with Oracle Universal Authenticator to log in to protected web applications automatically using SSO.
Administration Console
The Administration Console allows administrators to administer Oracle Universal Authenticator (OUA). Administrators can enable or disable OUA, view and manage registered devices, allow or disable users on a registered device, or block devices. It also allows administrators to set allowed authentication factors for OUA, restrict access based on required LDAP user groups, and perform device software management tasks.
Self-Service Portal
The Self-Service Portal allows users to manage their devices and factors used with Oracle Universal Authenticator. A user can view and manage their registered devices, enable or disable a device, or rename a device to a friendly name. Users can also manage their factors for multi-factor authentication (MFA) that are configured in Oracle Advanced Authentication.