Performing Common Administration Tasks in Oracle Universal Authenticator
Introduction
This tutorial shows you some common tasks that can be performed by Administrators in the Administration Console for Oracle Universal Authenticator.
Objectives
In this tutorial you will perform the following tasks:
- Configure the factors to allow for device authentication.
- Monitor the devices and users registered with Oracle Universal Authenticator.
- Block a user and a device from device authentication.
Prerequisites
Before starting this tutorial you must have:
- A running Oracle Advanced Authentication (OAA) installation deployed with Oracle Universal Authenticator.
- You have access to the Administration Console and can login with your administrator credentials.
Note: All the tasks below assume you have already logged into the Administration Console, for example https://oaa.example.com/oaa-admin
.
Task 1: Configuring Factors for Device Authentication
Administrators can configure the authentication factors that can be used for Oracle Universal Authenticator. By default, all factors are enabled.
The following steps show how to configure the authentication factors for Oracle Universal Authenticator in the Administration console:
-
In the left-hand navigation menu, select Manage Integration Agents.
-
Select the name of your Oracle Universal Authenticator agent. In this example the agent is DRSSAgent:
Note: The agent name is the value passed to
oua.tapAgentName
in theinstallOAA.properties
. See, OAM Requirements for Oracle Universal Authenticator. -
Click the Assurance Level displayed. In this example the assurance level is DRSSAssuranceLevel:
-
In the Assurance Level screen, under Uses you can choose to enable or disable the factors you require:
Note: FIDO2 Challenge and Security Question Challenge are not currently supported with Oracle Universal Authenticator.
-
To disable a factor(s), click the checkbox for the relevant factor(s) and click Save. In this example, OMA Push Notification Challenge and YubiKey OTP Challenge have been deselected:
Note: The end user can only select factors for device authentication that are enabled and will only be presented with a challenge choice for the factors they have configured in their Self-Service Portal.
Task 2: Monitoring Devices and Users registered With Oracle Universal Authenticator
The Administration Console allows you to manage devices registered with Oracle Universal Authenticator.
List All Devices
-
In the left-hand navigation menu, under Universal Authenticator > Device Management, select Devices. The Manage Devices screen appears. All registered devices are displayed by default sorted by most recently used:
View Details of a Device
-
To view details of a device, in the Manage Devices screen, select the ellipsis next to the required device. In the drop-down menu, select View details:
-
The Device details screen appears as follows:
Task 3: Blocking a User or Device From Device Authentication
Administrators may need to block a user or block a device from using device authentication. For example, if someone leaves a company or a device gets stolen.
Blocking a User
The following steps show how to block a user registered to a device:
-
In the Device details screen, under the Registered to section, select Block User:
-
In the confirmation screen, select to confirm to block the user from that device:
Description of the illustration confirm.jpg
Note: If an Administrator blocks a user from a device, the user will not see the device in the Self-Service Portal.
-
In the Device details screen, the user now shows as blocked. The Administrator can enable the user again by clicking Enable User:
Blocking a Device
Blocking a device prevents all users registered to that device from logging in with Oracle Universal Authenticator from that device.
The following steps show how to block a device for all users:
-
In the Device details screen, from the Actions menu, select Disable device:
-
In the confirmation screen, select to confirm to disable the device:
Description of the illustration confirm_device.jpg
Note: If an Administrator disables a device the user will not see the device in the Self-Service Portal.
-
In the Device details screen, in the Device history section, the device shows as disabled:
Learn More
For more information on Administration tasks in Oracle Universal Authenticator, see Administering Oracle Universal Authenticator.
Feedback
To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com
Acknowledgements
- Author - Russ Hodgson
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Performing Common Administration Tasks in Oracle Universal Authenticator
F96298-01
May 2024
Copyright © ADOUA, Oracle and/or its affiliates.