Configuring Device Authentication on Windows Using Oracle Access Management and Multi-Factor Authentication
Introduction
This tutorial shows you how to set up your Microsoft Windows device to authenticate with Oracle Access Management (OAM) and multi-factor authentication (MFA) using Oracle Universal Authenticator.
For demonstration purposes this tutorial uses Oracle Mobile Authenticator Time-based One Time Password (TOTP) for MFA.
Objectives
In this tutorial you will perform the following tasks:
- Configure a factor in the Self-Service Portal.
- Sign in to Microsoft Windows using Oracle Universal Authenticator.
Prerequisites
Before starting this tutorial you must have:
- A running Oracle Advanced Authentication installation deployed with Oracle Universal Authenticator.
- A Windows device with the Oracle Universal Authenticator client application installed.
- The Oracle Universal Authenticator integration agent, configured with the required factors for device authentication.
- Access to the Self-Service Portal, with the ability to log in using your user credentials.
Task 1: Configure Your Factors
In order to use device authentication with Oracle Universal Authenticator, you must have at least one factor configured in the Self-Service Portal.
The following tutorials explain how to configure each factor:
- Configuring Email Challenge in the Oracle Advanced Authentication Self-Service Portal
- Configuring SMS Challenge in the Oracle Advanced Authentication Self-Service Portal
- Configuring Mobile Authenticator Challenge in the Oracle Advanced Authentication Self-Service Portal
- Configuring YubiKey Challenge in the Oracle Advanced Authentication Self-Service Portal
- Configuring SafeID Challenge in Oracle Advanced Authentication
- Configuring Security Questions Challenge in the Oracle Advanced Authentication Self-Service Portal
- Configuring FIDO2 Challenge in the Oracle Advanced Authentication Self-Service Portal
Note: FIDO2 and Security Questions are not currently supported with Oracle Universal Authenticator.
Task 2: Sign In to Windows Using Oracle Universal Authenticator
Day 0 Use Case
Note: The instructions below assume you have not logged into this device previously with Oracle Universal Authenticator using your Oracle Access Management credentials.
- Start your Windows device and select Oracle Universal Authenticator to log in.
- In the username screen, enter your Oracle Access Management username and click the arrow.
- You are prompted to enter your OAM password and Windows credentials. Enter the required credentials and click the arrow.
  Note: The Windows Username takes the format of azuread\<username>.
- If the credentials are verified successfully, a notification will appear asking you to choose the second factor to use. Select the factor to use from the drop-down list. In this example Enter OTP from device Device1 is selected for Oracle Mobile Authenticator challenge. Click the arrow.
  Note: If you have a default factor set then you will be asked for that factor.
- As Oracle Mobile Authenticator was selected you are asked to Enter OTP from device Device1.
- Open the Oracle Mobile Authenticator application on your mobile device to view the OTP.
- Enter the code displayed into the Enter OTP from device Device1 field and click the arrow.
- If authentication is successful you will be logged into your Windows device and the Windows desktop will appear.
Day N Use Case
After the initial login, the device and user are registered with Oracle Universal Authenticator. As a result, you will not be asked to enter your Windows credentials again.
- Start your Windows device and select Oracle Universal Authenticator to log in.
- In the username screen, enter your Oracle Access Management username and click the arrow.
- You are prompted to enter your OAM password. Enter the required credentials and click the arrow.
- If the credentials are verified successfully, a notification will appear asking you to choose the second factor to use. Select the factor to use from the drop-down list. In this example Enter OTP from device Device1 is selected for Oracle Mobile Authenticator challenge. Click the arrow.
  Note: If you have a default factor set then you will be asked for that factor.
- As Oracle Mobile Authenticator was selected you are asked to Enter OTP from device Device1.
- Open the Oracle Mobile Authenticator application on your mobile device to view the OTP.
- Enter the code displayed into the Enter OTP from device Device1 field and click the arrow.
- If authentication is successful you will be logged into your Windows device and the Windows desktop will appear.
Learn More
- To see how seamless SSO works with protected applications after logging in with Oracle Universal Authenticator, see Seamless Single-Sign On With Oracle Universal Authenticator.
Feedback
To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com
Acknowledgements
- Author - Russ Hodgson
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
F96299-02
June 2024