System Architecture and Components

Oracle Universal Authenticator (OUA) contains the following components.

Oracle Universal Authenticator Client Application

The Oracle Universal Authenticator client application allows end users to log in to their device using their Oracle Access Management (OAM) credentials with step-up Multi-Factor Authentication (MFA), or alternatively using passwordless login.

Oracle Access Management

Oracle Access Management is used by Oracle Universal Authenticator as the identity provider (IDP) for device logins.

Oracle Advanced Authentication

Oracle Advanced Authentication provides multi-factor authentication and passwordless login for devices.

Device Runtime Support Service

The Device Runtime Support Service (DRSS) is installed as a microservice during the deployment of Oracle Advanced Authentication (OAA). It runs as a pod in the Kubernetes cluster alongside other OAA pods.

DRSS is responsible for accepting connections from the Oracle Universal Authenticator client application, validating the user’s Oracle Access Management credentials, logging the user into Oracle Access Management, and performing multi-factor authentication with OAA.

Oracle Adaptive Risk Management

Oracle Adaptive Risk Management (OARM) is installed as part of the Oracle Advanced Authentication (OAA) deployment. It aggregates risk data associated with users and user activities, analyzes and evaluates the business risks posed by users and their activities, and provides advice to be acted on to mitigate those risks.

Microsoft Entra ID Domain

For Microsoft Windows devices, Oracle Universal Authenticator (OUA) requires the device to be joined to a Microsoft Entra Domain Services managed domain. When a user logs in to Microsoft Windows using the OUA client application and their Oracle Access Management credentials, the user is automatically logged in to the domain.

Single Sign-On Browser Extension

The Single Sign-On (SSO) Browser Extension allows Microsoft Windows users authenticated with Oracle Universal Authenticator to log in to protected web applications automatically using SSO.

Administration Console

The Administration Console allows administrators to administer Oracle Universal Authenticator (OUA). Administrators can enable or disable OUA, view and manage registered devices, allow or disable users on a registered device, or block devices. It also allows administrators to set allowed authentication factors for OUA, restrict access based on required LDAP user groups, and perform device software management tasks.

Self-Service Portal

The Self-Service Portal allows users to manage their devices and factors used with Oracle Universal Authenticator. A user can view and manage their registered devices, can enable or disable a device, or rename a device to a friendly name. Users can also manage their factors for multi-factor authentication (MFA) that are configured in Oracle Advanced Authentication.