37 Configuring TOTP-based Multi Factor Authentication in OAM
This section describes how to configure TOTP-based Multi-Factor Authentication (MFA) in OAM.
Perform the following steps to configure TOTP-based MFA in OAM:
- Configure MFA using the configureMFA command of config-utility.jar. For example:

  $JAVA_HOME/bin/java -cp $ORACLE_HOME/oam/server/tools/config-utility/config-utility.jar -Doracle.net.tns_admin=/u01/IDMTOP/config/domains/IDMDomain/config/jdbc oracle.security.am.migrate.main.ConfigCommand $DOMAIN_HOME configureMFA $DOMAIN_HOME/propertyfile

  Here oracle.net.tns_admin points at the domain's config/jdbc directory, oracle.security.am.migrate.main.ConfigCommand is the main class, and the remaining arguments are the domain home, the configureMFA command and the path of the property file.

  The propertyfile must include the following properties:

  oam.entityStore.schemaUser=<schemaUser>
  oam.entityStore.ConnectString=jdbc:oracle:thin:@//<connection string>
  oam.entityStore.schemaPassword=<Password>
  oam.user.store="<identityStoreName>"
  oam.user.role="<RequiredRolename>"

  Note: oam.user.store is optional. If it is not specified, the default Identity Store is used. oam.user.role must be specified with the correct role name of the Administrator. The property file holds the schema password in cleartext, so restrict its permissions to the user running the command and remove it once configureMFA has completed.
- Set the Post-Authentication Rule:
- Log in to the Oracle Access Management Console as Administrator.
- In the Oracle Access Management Console, click Application Security at the top of the window.
- In the Application Security console, click Application Domains.
- Search for and select the required Application Domain.
- In the Application Domain window, click the Authentication Policies tab, then search for and select the required Authentication Policy.
- In the Authentication Policy window, click the Advanced Rules tab.
- Under Post Authentication, click the plus sign (+) to add a new rule.
- Specify the following details in the Add Rule window:
- Rule Name: Specify a name for the rule.
- Condition: Enter config.configMap['MFAEnabled'] == 'true' in this field.
- If condition is true, Switch Authentication Scheme to: Select AdaptiveAuthenticationScheme from the dropdown.
- Click Add to apply this rule.
- Click Apply to save the updated authentication policy.
- Enable MFA using the following REST API, authenticating as an OAM administrator:

  https://<ManagedServerHost>:<ManagedServerPort>/oam/services/rest/access/api/v1/control/feature?state=enable&componentName=mfa

  For more information, see REST API to Enable MFA in Oracle Access Manager.
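Steps 1 and 3 of the procedure above, as a script (an added example, not Oracle's tooling or part of the original page; step 2 is a console action and is not automated here). It writes the propertyfile with restrictive permissions, refuses to run configureMFA when a mandatory property is missing, and assembles the command lines exactly as the page gives them. Assumptions not taken from the page: the oracle.net.tns_admin directory is $DOMAIN_HOME/config/jdbc (the page's example hard-codes /u01/IDMTOP/config/domains/IDMDomain/config/jdbc), the REST call is a PUT sent with curl under HTTP basic auth as an OAM administrator (check the linked REST reference), and the OAM_* variable names are invented for the example.

```shell
#!/bin/sh
# Added example, not Oracle's own tooling: builds and checks the propertyfile
# for configureMFA, then runs the commands for steps 1 and 3 of the page.
# Assumptions not taken from the page: tns_admin is $DOMAIN_HOME/config/jdbc;
# the REST call is a PUT sent with curl under HTTP basic auth as an OAM
# administrator; the OAM_* variable names are invented.

# Write the propertyfile consumed by configureMFA.
# Args: path schemaUser "<host>:<port>/<service>" schemaPassword role [identityStore]
# The schema password is stored in cleartext, so the file is created mode 0600.
write_mfa_propertyfile() {
    pf_path=$1 pf_user=$2 pf_connect=$3 pf_pw=$4 pf_role=$5 pf_store=${6:-}
    (
        umask 077
        {
            printf 'oam.entityStore.schemaUser=%s\n' "$pf_user"
            printf 'oam.entityStore.ConnectString=jdbc:oracle:thin:@//%s\n' "$pf_connect"
            printf 'oam.entityStore.schemaPassword=%s\n' "$pf_pw"
            # oam.user.store is optional: omit it to use the default Identity Store
            if [ -n "$pf_store" ]; then
                printf 'oam.user.store="%s"\n' "$pf_store"
            fi
            printf 'oam.user.role="%s"\n' "$pf_role"
        } > "$pf_path"
    )
}

# Refuse to run configureMFA with an incomplete propertyfile: every mandatory
# key must be present with a non-empty value. Missing keys are listed on stderr.
check_mfa_propertyfile() {
    pf_path=$1 missing=""
    for key in oam.entityStore.schemaUser oam.entityStore.ConnectString \
               oam.entityStore.schemaPassword oam.user.role; do
        # '.' in the key matches any character here, which is loose but harmless
        grep -q "^${key}=." "$pf_path" || missing="$missing $key"
    done
    if [ -n "$missing" ]; then
        echo "propertyfile is missing:$missing" >&2
        return 1
    fi
}

# Step 1 from the page: the configureMFA invocation as one command line.
# Args: JAVA_HOME ORACLE_HOME DOMAIN_HOME propertyfile
configure_mfa_cmd() {
    printf '%s -cp %s -Doracle.net.tns_admin=%s oracle.security.am.migrate.main.ConfigCommand %s configureMFA %s\n' \
        "$1/bin/java" \
        "$2/oam/server/tools/config-utility/config-utility.jar" \
        "$3/config/jdbc" "$3" "$4"
}

# Step 3 from the page: enable the mfa feature over REST (method and auth are
# assumptions). Only the user name goes on the command line; curl prompts for
# the password, so it never appears in the process list or shell history.
# Args: ManagedServerHost ManagedServerPort adminUser
enable_mfa_cmd() {
    printf 'curl -sS -u %s -X PUT "https://%s:%s/oam/services/rest/access/api/v1/control/feature?state=enable&componentName=mfa"\n' \
        "$3" "$1" "$2"
}

# Steps 1 and 3 end to end; step 2 (the post-authentication rule) is done in
# the console. Needs JAVA_HOME, ORACLE_HOME, DOMAIN_HOME and the OAM_* variables.
run_mfa_setup() {
    propfile=$DOMAIN_HOME/propertyfile
    write_mfa_propertyfile "$propfile" "$OAM_SCHEMA_USER" "$OAM_DB_CONNECT" \
        "$OAM_SCHEMA_PASSWORD" "$OAM_ADMIN_ROLE" "${OAM_ID_STORE:-}"
    check_mfa_propertyfile "$propfile" || return 1
    sh -c "$(configure_mfa_cmd "$JAVA_HOME" "$ORACLE_HOME" "$DOMAIN_HOME" "$propfile")"
    sh -c "$(enable_mfa_cmd "$OAM_HOST" "$OAM_PORT" "$OAM_ADMIN_USER")"
    rm -f "$propfile"   # do not leave the schema password on disk
}

# Execute only when asked, so the file can also be sourced for its functions.
if [ "${RUN_MFA_SETUP:-0}" = "1" ]; then
    run_mfa_setup
fi
```

Run it with RUN_MFA_SETUP=1 and the variables exported; without that flag it only defines the functions, which is convenient for checking the generated command lines before touching a domain.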