Seamless Single Sign-On with Oracle Universal Authenticator

Introduction

This tutorial demonstrates how seamless Single Sign-On (SSO) works for Microsoft Windows devices authenticated with Oracle Universal Authenticator.

Once a user is logged into their device using Oracle Universal Authenticator, a user can access Oracle Access Management (OAM) protected applications, and other Windows applications, without the need to enter their credentials again.

For the purposes of this tutorial, two web applications are protected with OAM (Marketing Anaylst and Gourmet Foods).

This tutorial will also show SSO working with Microsoft Office 365.

Prerequisites

Before starting this tutorial you must have:

1. A running Oracle Advanced Authentication installation deployed with Oracle Universal Authenticator.
2. Device authentication configured using one of the following tutorials:
   • Configuring Device Authentication on Windows Using Oracle Access Management and Multi-Factor Authentication
   • Configuring Device Authentication on Windows with Passwordless Login and Push Notifications
3. Two web applications protected with Oracle Access Management.
4. Microsoft Office 365 installed on your Windows computer.

Task 1: Sign In to Windows Using Oracle Universal Authenticator

In this example, the user has previously logged into Windows with Oracle Universal Authenticator and is using Oracle Mobile Authenticator challenge for the second factor.

1. Start your Windows device and select Oracle Universal Authenticator to login:

   

   Description of the illustration oua_logon.jpg

2. In the username screen, enter your Oracle Access Management username and click the arrow. In this example the user emilyjohnson8 is entered:

   

   Description of the illustration oam_username.jpg

3. You are prompted to enter your OAM password. Enter the required credentials and click the arrow:

   

   Description of the illustration oam_credentials.jpg

4. A notification appears asking you to choose the second factor to use. Select the factor to use from the drop down list. In this example Enter OTP from Device1 is selected for Oracle Mobile Authenticator challenge. Click the arrow:

   

   Description of the illustration choice.jpg

5. As Oracle Mobile Authenticator was selected you are asked to Enter the OTP from device Device1:

   

   Description of the illustration enter_otp.jpg

6. Open the Oracle Mobile Authenticator application on your mobile device to view the OTP:

   

   Description of the illustration code.jpg

7. Enter the code displayed into the Enter the OTP from device Device1 field and click the arrow:

   

   Description of the illustration enter_code.jpg

8. If authentication is successful you will be logged into your Windows device and the Windows desktop will appear:

   

   Description of the illustration desktop.jpg

Task 2: Access an OAM Protected Application

Once the end user has performed device authentication with Oracle Universal Authenticator, it is no longer necessary to enter any further credentials for any OAM protected application.

1. Launch a browser and access a protected application. In this example the Marketing Analyst site is accessed:

   

   Description of the illustration chrome.jpg

2. The browser automatically redirects to the OAM login URL, but as you are logged into Windows with Oracle Universal Authenticator the user is automatically given access to the application:

   

   Description of the illustration marketing.jpg

Task 3: Access Another OAM Protected Application

1. In the same browser access another OAM protected application. In this example the Gourmet Recipes application is accessed. Again, as the user logged into Windows with Oracle Universal Authenticator, the user is automatically given access to the application:

   

   Description of the illustration gourmet.jpg

Task 4: Access Office 365

1. Start the Office 365 application. A user is normally asked to enter their credentials, but as the user logged into Windows with Oracle Universal Authenticator, the user is logged into Office 365 automatically:

   

   Description of the illustration office365.jpg

2. Click on the user icon and notice the Microsoft Entra ID credentials are shown:

   

   Description of the illustration windows_user.jpg

3. Click on Outlook:

   

   Description of the illustration click_outlook.jpg

4. Outlook is opened without the need to enter any credentials:

   

   Description of the illustration outlook.jpg

Learn More

• Oracle Universal Authenticator

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com

Acknowledgements

• Author - Russ Hodgson

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Seamless Single Sign-On with Oracle Universal Authenticator

F96301-01

May 2024

Copyright ©2024,

Oracle and/or its affiliates.