Enabling and Configuring Multi-Factor Authentication (MFA)
Configure MFA
1. Select MFA Factors
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
- Select the factors that you want to enable for your users: Security Questions, Mobile App OTP, Mobile App Notification, Text Message (SMS), Email, and Bypass Code.
- Click Save.
2. Create a Sign-On Rule for MFA
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then Sign-On Policies.
- Oracle Identity Cloud Service provides a default sign-on policy, which allows you to define criteria that Oracle Identity Cloud Service uses to determine whether to allow a user to sign in or to prevent a user from accessing Oracle Identity Cloud Service.
- Click the Default Sign-On Policy.
- Click the Sign-On Rules tab, and then click Add.
- In the Add Rule dialog box, name the rule, and then define conditions in the Conditions section.
- In the Actions section of the dialog box, select Prompt for an additional factor. Additional MFA settings appear for specifying whether the user is required to enroll in MFA and how often this additional factor is to be used to log in to Oracle Identity Cloud Service.
- Note: You must have selected at least one factor for MFA on the Multi-Factor Authentication (MFA) Settings page in Oracle Identity Cloud Service for the additional MFA fields to appear in the Add Rule window.
- Select Required to force the user to enroll in MFA. Select Optional to give a user the option of skipping MFA enrollment.
- Define how often you want a user to be prompted for an additional factor when logging in using a trusted device.
  - Once per Session (Default) requires a user to provide a second factor when they log in for each session that they open.
  - Every time requires a user to provide a second factor each time that they log in.
  - Once every defines how often a user provides a second factor when they log in.
- Click Save.
3. Configure Other MFA Settings
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
- Select Enable Trusted Computer when you want to provide users the option to mark their computer and other devices as trusted during login, and then update the trusted computer and device policy criteria according to your requirements. Trusted devices don’t require the user to provide secondary authentication each time that they sign in (for a defined time period).
- Enter the maximum number of factors (Max number of enrolled factors) that a user can enroll in.
- Select the maximum number of times (Max unsuccessful MFA attempts) that a user can provide incorrect verification using their MFA factor before they are locked out of their account.
- Click Save.
Configure Authentication Settings
4. Configure Mobile OTP and Notifications
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
- Access the Mobile App Settings page by either clicking Configure next to the Mobile App OTP check box or by selecting the Factors tab from the left, and then Mobile App.
- The default values for the One-Time Passcode (OTP) Policy fields are the industry-recommended settings. Leave the defaults or update these fields according to your requirements.
- Select the protection policy that you want to enforce on the Oracle Mobile Authenticator (OMA) app: App PIN or Fingerprint. Leave the default of None if you do not want to enforce a protection policy.
- Define the app protection policy criteria according to your requirements.
- Configure your compliance policy requirements such as which operating systems and which versions are allowed, detecting a rooted device, and whether a device must use screen lock.
- Click Save.
5. Configure Security Questions
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
- Access the Security Questions Settings page by either clicking Configure next to the Security Questions check box or by selecting the Factors tab from the left, and then Security Questions.
- Enter the minimum number of characters (Minimum answer length) that a user must supply for an answer to a security question.
- Enter the number of security questions (Number of security questions a user is asked) that you want to ask the user.
- In the Manage Security Questions section, select the check boxes for the questions that you want to use.
- Click Save.
- To add custom questions, click Add Question, enter the security question, and then click Save.
6. Configure Text Message (SMS)
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
- Access the Text Message (SMS) Settings page by either clicking Configure next to the Text Message (SMS) check box or by selecting the Factors tab from the left, and then SMS.
- Enter the number of digits (Passcode Length) that the system should use when generating the passcode.
- Enter the number of minutes (Passcode validity duration) that the passcode is valid.
- Use the Message Templates section to create the wording that is sent in the SMS message to the user. Identity Cloud Service provides a fixed list of message variables for your use. The variable values are replaced at runtime with values that you specify in the message template. Click Message Variables to view the available variables and variable definitions.
7. Configure Email
- In the Identity Cloud Service console, expand the Navigation Drawer, click Security, and then MFA.
- Access the Email Settings page by either clicking Configure next to the Email check box or by selecting Email from the Navigation Drawer.
- In the Passcode Length box, enter the number of digits that the system should use when generating the OTP that is sent in an email to the user.
- In the Passcode Validity Duration box, enter the number of minutes that the OTP is valid.
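The following is an added example, not Oracle code and not part of the original page. It models how Passcode Length, Passcode Validity Duration (steps 6 and 7) and Max unsuccessful MFA attempts (step 3) interact, so you can reason about the values you enter. The class, function and result names are hypothetical, and a per-challenge attempt counter is a simplifying assumption.

```python
import hmac
import secrets
import time


class PasscodeChallenge:
    """Illustrative model of one SMS/email passcode challenge (not Oracle's code)."""

    def __init__(self, passcode_length, validity_minutes, max_attempts, now=None):
        if min(passcode_length, validity_minutes, max_attempts) < 1:
            raise ValueError("all settings must be at least 1")
        issued = time.time() if now is None else now
        # CSPRNG draw, zero-padded so every code has exactly passcode_length digits.
        self.code = str(secrets.randbelow(10 ** passcode_length)).zfill(passcode_length)
        self.expires_at = issued + validity_minutes * 60
        self.remaining = max_attempts
        self.used = False

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.used:
            return "already_used"      # a passcode is accepted once only
        if self.remaining <= 0:
            return "locked"            # attempt budget exhausted
        if now >= self.expires_at:
            return "expired"           # validity duration elapsed
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.used = True
            return "ok"
        self.remaining -= 1
        return "locked" if self.remaining == 0 else "invalid"


def guess_probability(passcode_length, max_attempts):
    """Upper bound on a blind online guesser succeeding before lockout."""
    return min(1.0, max_attempts / 10 ** passcode_length)


if __name__ == "__main__":
    # Constructed settings for comparison: (digits, allowed wrong attempts).
    for digits, attempts in [(4, 10), (6, 10), (6, 3), (8, 3)]:
        p = guess_probability(digits, attempts)
        print(f"{digits} digits, {attempts} attempts -> {p:.6%} guess chance")
```

Running it prints the guess chance for a few constructed combinations; a short passcode paired with a generous attempt limit is the pairing to avoid.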
You're done!
Copyright © 2016, 2017, Oracle and/or its affiliates. All rights reserved.