
How to Configure Oracle Access Manager 12c (OAM 12.2.1.3) for One-Time Passwords for Use with the Oracle Mobile Authenticator Application (Doc ID 2503643.1)

Last updated on MARCH 25, 2021

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 to 12.2.1.3.0 [Release 12c]
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Goal

How to configure Oracle Access Manager 12c (OAM 12.2.1.3) for second factor authentication (SFA) allowing end-users to enter a one-time PIN (OTP) number displayed in the Oracle Mobile Authenticator (OMA) application on a mobile device. 

The one-time PIN is time-based, meaning that any specific PIN is only valid for a set amount of time. After that time period has expired, a new PIN is required to complete the SFA login step. The PIN is generated from a shared secret key that is known to both the OAM server and the OMA application.
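The time-based PIN described above, shown as an added example that is not taken from the Oracle note or from Oracle's code: a standard RFC 6238 generator with the matching server-side check. HMAC-SHA1, the 30-second step, 6 digits, the one-step drift window and the RFC test secret are assumptions for illustration, not OAM or OMA configuration values.

```python
import hashlib
import hmac
import struct

# Constructed sample: the ASCII test secret from RFC 4226 / RFC 6238.
# A real shared secret is random and stored per user.
SECRET = b"12345678901234567890"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Device side: derive the PIN for the time step containing `at` (Unix seconds)."""
    counter = int(at) // step                      # number of elapsed time steps
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: bytes, pin: str, now: float, step: int = 30,
           digits: int = 6, drift: int = 1) -> bool:
    """Server side: recompute the PIN from the same secret and compare.

    Accepts the current step plus/minus `drift` steps to absorb clock skew.
    A wider window tolerates more skew but keeps an observed PIN usable longer.
    """
    ok = False
    for delta in range(-drift, drift + 1):
        t = now + delta * step
        if t < 0:
            continue                               # no time step before the epoch
        expected = totp(secret, t, step, digits)
        # Constant-time comparison; check every candidate, no early exit.
        ok |= hmac.compare_digest(expected.encode(), pin.encode("utf-8"))
    return ok


def demo() -> dict:
    pin = totp(SECRET, 59)                         # PIN shown on the device at t=59
    return {
        "pin": pin,
        "same_step": verify(SECRET, pin, now=59),
        "one_step_late": verify(SECRET, pin, now=89),
        "expired": verify(SECRET, pin, now=149),
        "strict_window": verify(SECRET, pin, now=89, drift=0),
    }


if __name__ == "__main__":
    print(demo())
```

Production verifiers normally also record the last accepted time step per user, so a PIN cannot be replayed inside its validity window.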

The steps listed below should work correctly for both Android and iOS devices.

Important Notes:

  • This note covers the time-based one-time PIN option only. While the configuration of push notifications with the OMA application covers some of the same pieces (such as OMA and the AdaptiveAuthentication scheme), that configuration is much more complex and is not covered in this document.
  • This document covers the setup of time-based one-time PIN (TOTP) with the OAM 12c server only. Very similar steps are needed to configure TOTP with the OAM 11g server, but there are enough differences that a separate note is warranted. See Note: 2307570.1 for configuration of an OAM 11g server.

 

Solution



In this Document
Goal
Solution
 Configure the OAM server settings from within the OAM console
 Configure the OAM server settings via REST commands
 Create an authentication policy to protect a resource that contains a post-authentication rule to switch to the AdaptiveAuthentication scheme
 Install the OMA application onto the mobile device
 Create a webpage to deliver the OMA application profile to the mobile device
 Register the user account within the OMA application
 How to configure the OAM server to use a custom LDAP attribute to store the shared secret
 Troubleshooting / Debugging
References
