Configuring Device Authentication on Windows Using Oracle Access Management and Multi-Factor Authentication

Introduction

This tutorial shows you how to set up your Microsoft Windows device to authenticate with Oracle Access Management (OAM) and multi-factor authentication (MFA) using Oracle Universal Authenticator.

For demonstration purposes, this tutorial uses Oracle Mobile Authenticator Time-based One-Time Password (TOTP) for MFA.

Objectives

In this tutorial you will perform the following tasks:

  1. Configure a factor in the Self-Service Portal.
  2. Sign in to Microsoft Windows using Oracle Universal Authenticator.

Prerequisites

Before starting this tutorial you must have:

  1. A running Oracle Advanced Authentication installation deployed with Oracle Universal Authenticator.
  2. A Windows device with the Oracle Universal Authenticator client application installed.
  3. The Oracle Universal Authenticator integration agent, configured with the required factors for device authentication.
  4. Access to the Self-Service Portal, with the ability to log in with your user credentials.

Task 1: Configure Your Factors

In order to use device authentication with Oracle Universal Authenticator, you must have at least one factor configured in the Self-Service Portal.

The following tutorials explain how to configure each factor:

Note: FIDO2 and Security Questions are not currently supported with Oracle Universal Authenticator.

Task 2: Sign In to Windows Using Oracle Universal Authenticator

Day 0 Use Case

Note: The instructions below assume you have not previously logged in to this device with Oracle Universal Authenticator using your Oracle Access Management credentials.

  1. Start your Windows device and select Oracle Universal Authenticator to log in:

  2. In the username screen, enter your Oracle Access Management username and click the arrow:

  3. You are prompted to enter your OAM password and Windows credentials. Enter the required credentials and click the arrow:

    Note: The Windows Username takes the format of azuread\<username>.

  4. If the credentials are verified successfully, a notification appears asking you to choose the second factor to use. Select the factor from the drop-down list. In this example, "Enter OTP from device Device1" is selected for the Oracle Mobile Authenticator challenge. Click the arrow:

    Note: If you have a default factor set then you will be asked for that factor.

  5. As Oracle Mobile Authenticator was selected, you are asked to "Enter OTP from device Device1":

  6. Open the Oracle Mobile Authenticator application on your mobile device to view the OTP:

  7. Enter the code displayed into the "Enter OTP from device Device1" field and click the arrow:

  8. If authentication is successful, you are logged in to your Windows device and the Windows desktop appears.

Day N Use Case

After the initial login, the device and user are registered with Oracle Universal Authenticator. As a result, you will not be asked to enter your Windows credentials again.

  1. Start your Windows device and select Oracle Universal Authenticator to log in:

  2. In the username screen, enter your Oracle Access Management username and click the arrow:

  3. You are prompted to enter your OAM password. Enter the required credentials and click the arrow:

  4. If the credentials are verified successfully, a notification appears asking you to choose the second factor to use. Select the factor from the drop-down list. In this example, "Enter OTP from device Device1" is selected for the Oracle Mobile Authenticator challenge. Click the arrow:

    Note: If you have a default factor set then you will be asked for that factor.

  5. As Oracle Mobile Authenticator was selected, you are asked to "Enter OTP from device Device1":

  6. Open the Oracle Mobile Authenticator application on your mobile device to view the OTP:

  7. Enter the code displayed into the "Enter OTP from device Device1" field and click the arrow:

  8. If authentication is successful, you are logged in to your Windows device and the Windows desktop appears.

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com
