Multi-Factor Authentication (MFA) is a method of authentication that requires the use of more than one factor to verify a user’s identity.

With MFA enabled in Oracle Identity Cloud Service, when a user signs in to an application, they are prompted for their username and password, which is the first factor – something that they know. The user is then required to provide a second type of verification. This is called 2-Step Verification. The two factors work together to add an additional layer of security by using either additional information or a second device to verify the user’s identity and complete the login process.

Why Use MFA?

Users are increasingly connected, accessing their accounts and applications from anywhere. As an administrator, adding MFA on top of the traditional username and password helps you protect access to data and applications. It also reduces the likelihood of online identity theft and fraud, and keeps your business applications secured even if an account password is compromised.

MFA Factors

As of the August 2018 update, MFA supports six factors:

  • Security Questions: Prompts the user to answer security questions to verify their identity. After the user enters their username and password, they must provide answers to a defined number of security questions.
  • Mobile App One-Time Passwords: The user has the Oracle Mobile Authenticator (OMA) app installed on their device to generate a One-Time Password (OTP). A new OTP is typically generated every 30 seconds and is valid for 90-180 seconds. After the user enters their username and password, they are prompted to enter the OTP generated by the Oracle Mobile Authenticator app.
  • Mobile App Notification: IDCS sends a push notification that contains an approval request to allow or deny a login attempt. After the user provides their username and password, a login request is sent to their phone. The user taps ‘Allow’ to authenticate.
  • Text Message (SMS): IDCS sends a passcode as a text message (SMS) to the user’s phone. This method is useful for users with limited connectivity. After the user enters their username and password, a passcode is sent to their device to use as a second authentication factor.
  • Bypass Code: When enrolling, users can generate a bypass code and save it for later use. User-generated bypass codes never expire, but can be used only once. Users also have the option to contact an administrator to request a bypass code for access.
  • Email: Sends a one-time passcode in an email to the user. After the user selects Email as the authentication method, Oracle Identity Cloud Service sends a one-time passcode to the user’s primary email address for use as a second verification method. The user’s primary email address is defined in the user’s Oracle Identity Cloud Service account.

Configure MFA

1. Select MFA Factors

  • In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
  • Select the factors that you want to enable for your users: Security Questions, Mobile App OTP, Mobile App Notification, Text Message (SMS), Email, and Bypass Code.
  • Click Save.