Performing Common Administration Tasks in Oracle Universal Authenticator

Introduction

This tutorial shows you some common tasks that can be performed by Administrators in the Administration Console for Oracle Universal Authenticator.

Objectives

In this tutorial you will perform the following tasks:

1. Configure the factors to allow for device authentication.
2. Monitor the devices and users registered with Oracle Universal Authenticator.
3. Block a user and a device from device authentication.

Prerequisites

Before starting this tutorial you must have:

1. A running Oracle Advanced Authentication (OAA) installation deployed with Oracle Universal Authenticator.
2. You have access to the Administration Console and can login with your administrator credentials.

Note: All the tasks below assume you have already logged into the Administration Console, for example https://oaa.example.com/oaa-admin.

Task 1: Configuring Factors for Device Authentication

Administrators can configure the authentication factors that can be used for Oracle Universal Authenticator. By default, all factors are enabled.

The following steps show how to configure the authentication factors for Oracle Universal Authenticator in the Administration console:

1. In the left-hand navigation menu, select Manage Integration Agents.

2. Select the name of your Oracle Universal Authenticator agent. In this example the agent is DRSSAgent:

   Note: The agent name is the value passed to oua.tapAgentName in the installOAA.properties. See, OAM Requirements for Oracle Universal Authenticator.

   

   Description of the illustration agents.jpg

3. Click the Assurance Level displayed. In this example the assurance level is DRSSAssuranceLevel:

   

   Description of the illustration assurance_level.jpg

4. In the Assurance Level screen, under Uses you can choose to enable or disable the factors you require:

   Note: FIDO2 Challenge and Security Question Challenge are not currently supported with Oracle Universal Authenticator.

   

   Description of the illustration uses.jpg

5. To disable a factor(s), click the checkbox for the relevant factor(s) and click Save. In this example, OMA Push Notification Challenge and YubiKey OTP Challenge have been deselected:

   Note: The end user can only select factors for device authentication that are enabled and will only be presented with a challenge choice for the factors they have configured in their Self-Service Portal.

   

   Description of the illustration disable_factors.jpg

Task 2: Monitoring Devices and Users registered With Oracle Universal Authenticator

The Administration Console allows you to manage devices registered with Oracle Universal Authenticator.

List All Devices

1. In the left-hand navigation menu, under Universal Authenticator > Device Management, select Devices. The Manage Devices screen appears. All registered devices are displayed by default sorted by most recently used:

   

   Description of the illustration list_devices.jpg

View Details of a Device

1. To view details of a device, in the Manage Devices screen, select the ellipsis next to the required device. In the drop-down menu, select View details:

   

   Description of the illustration view_details.jpg

2. The Device details screen appears as follows:

   

   Description of the illustration device_details.jpg

Task 3: Blocking a User or Device From Device Authentication

Administrators may need to block a user or block a device from using device authentication. For example, if someone leaves a company or a device gets stolen.

Blocking a User

The following steps show how to block a user registered to a device:

1. In the Device details screen, under the Registered to section, select Block User:

   

   Description of the illustration block_user.jpg

2. In the confirmation screen, select to confirm to block the user from that device:

   

   Description of the illustration confirm.jpg

   Note: If an Administrator blocks a user from a device, the user will not see the device in the Self-Service Portal.

3. In the Device details screen, the user now shows as blocked. The Administrator can enable the user again by clicking Enable User:

   

   Description of the illustration blocked.jpg

Blocking a Device

Blocking a device prevents all users registered to that device from logging in with Oracle Universal Authenticator from that device.

The following steps show how to block a device for all users:

1. In the Device details screen, from the Actions menu, select Disable device:

   

   Description of the illustration disable_device.jpg

2. In the confirmation screen, select to confirm to disable the device:

   

   Description of the illustration confirm_device.jpg

   Note: If an Administrator disables a device the user will not see the device in the Self-Service Portal.

3. In the Device details screen, in the Device history section, the device shows as disabled:

   

   Description of the illustration disabled.jpg

Learn More

For more information on Administration tasks in Oracle Universal Authenticator, see Administering Oracle Universal Authenticator.

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com

Acknowledgements

• Author - Russ Hodgson

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Performing Common Administration Tasks in Oracle Universal Authenticator

F96298-01

May 2024

Copyright © ADOUA, Oracle and/or its affiliates.