OTP Security Hardening
(Doc ID 3015441.1)
Last updated on JUNE 20, 2024
Applies to:
Oracle Access Manager - Version 12.2.1.4.230106 and laterInformation in this document applies to any platform.
Goal
Objective is to cover scenario when end-user may try to authenticate with OTP and user account in LDAP is already locked
as per "34.2 Working with the Adaptive Authentication Service" section, user guide "Administering Oracle Access Management Release 12.2.1.4", Second Factor Authentication page may have the following options:
- OTP from Oracle Mobile Authenticator
- OTP through SMS
- OTP through Email
- Access Request Notification from Oracle Mobile Authenticator
You can lock the user after a fixed number of invalid attempts to login using incorrect PIN, during Second Factor Authentication.
The number of invalid attempts, is based on the value specified in MaxAttempts configured in Adaptive Authentication plugin on the OAM Console.
When user provides incorrect PIN for more than configured MaxAttempts, user account is locked using OAM password schema attributes.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |