Fortifying Oracle Identity Cloud Service with Multifactor Authentication (MFA) 

Introduction 

Oracle Identity Cloud Service supports multifactor authentication (MFA): at sign-in, users complete two-factor verification by supplying extra information or using a second device, which strengthens verification of the user's identity.

The Oracle Identity Cloud Service administration console is used to enable, manage, and disable MFA.

Why use MFA in OCI (Oracle Cloud Infrastructure) 

MFA prevents unauthorized access even if passwords are compromised. It adds an extra layer of protection, safeguarding sensitive data, applications, and resources hosted in OCI from potential cyber threats and unauthorized access attempts.

Prerequisites for MFA implementation in OCI

  • Have access to your Oracle Identity Cloud Service console or your Oracle Cloud Infrastructure Direct Sign-In login credentials.
  • Download an MFA mobile app (e.g., Google Authenticator). 
  • Enroll your OCI account with the MFA app. 
  • Ensure your organization’s MFA policy is reviewed and followed. 

Enabling and Configuring Multifactor Authentication in Oracle Identity Cloud Service

Identity Cloud Service -> Security -> Identity Providers -> Enable or Disable settings.

To implement MFA in Oracle Identity Cloud Service, follow these steps: 

  • Sign into the Oracle Identity Cloud Service console as an administrator. 
  • Navigate to the “Security” or “Identity Security” section of the console. 
  • Look for the MFA settings. 
  • Enable MFA for the desired user groups or applications. 
  • Select the authentication factors you want to use, such as Mobile App OTP, SMS codes, or email verification.
  • Configure the MFA settings based on your security requirements and user preferences. For example, you may specify how often users need to re-verify their identity or whether to remember trusted devices for future logins. 
  • Save the changes and exit the configuration panel.

Creating Sign-on-Rules for Multifactor Authentication 

Oracle Identity Cloud Service provides a default sign-on policy to control user access based on defined criteria, allowing or denying sign-ins accordingly.

To configure the default policy, access the Sign-On Rules tab, create a new rule with specified conditions, and use the Actions section to either prompt for reauthentication or require an additional factor like MFA. This enhances security and ensures users meet MFA requirements for certain logins. 

 Sign-on policies allow organizations to implement risk-based access control. By setting different policies based on factors like user roles, location, or device type, organizations can adjust the level of security required for each login attempt. 

 How to Configure Mobile OTP and Notifications in Oracle Identity Cloud Service 

  • Access the MFA Settings: In the Oracle Identity Cloud Service console, expand the Navigation Drawer, click on Security, and then select MFA. 
  • Configure Mobile App Settings: Click on Configure next to the Mobile App Passcode check box to access the Mobile App Settings page. 
  • Set Passcode Policy: The default values for Passcode Policy fields are industry-recommended settings. You can leave them as is or modify them to suit your requirements. 
  • Enable Pull Notifications: In the Notification Policy section, select Enable pull notifications to allow the Oracle Mobile Authenticator (OMA) app to pull pending notification requests from the server. 
  • Choose App Protection Policy: Select the desired app protection policy for the OMA app: App PIN or Fingerprint. If you do not want to enforce any protection policy, leave it as None. 

 

 Installing the Mobile Authenticator App

  • Go to your mobile app store and install the Oracle Mobile Authenticator app.

  • Scan the QR code when prompted by the app, enter the verification code displayed by the app, and click Verify to enable MFA.

After enabling the MFA settings as described above, go to the OCI console and provide your username and password. After you sign in, open the authenticator app on your registered mobile device.

Enter the displayed passcode from the authenticator app and click “Sign In” to access your Oracle Cloud Infrastructure tenancy.  

This additional step provides an extra layer of security for your OCI account.

 Conclusion 

In summary, OCI’s MFA offers a robust security layer, combining passwords and authenticator apps for enhanced protection. Enabling MFA strengthens login security, minimizing the risk of unauthorized access and improving data protection. Implementing MFA helps provide a reliable and trustworthy environment for organizations using Oracle Cloud Infrastructure.

 

 

 

 

 

 

 

 
