11.1 Onboarding Users in OAA

For end users to be able to access and use the Self-Service Portal, the user must be created in OAA.

Administrators have the following options to create users in OAA:
  • Auto-create users using the Self-Service Portal.
  • Use REST API's to create users and their factors.
  • Use the OAAAuthnPlugin to migrate users from OAM.
The sections below outline the steps for each option.

Auto-create Users Using the Self-Service Portal

When an end user logs into the Self-Service Portal for the first time, the user will be created automatically in OAA. Once logged in to the Self-Service Portal, the end user can create their authentication factors manually.

If you have installed using the December 24 release or later, auto-creation of users is enabled out of the box.

If you have installed a release prior to OAA December 24 you need to configure this manually using the oaa.default.spui.pref.runtime.autoCreateUser=true property:

  1. Set the property oaa.default.spui.pref.runtime.autoCreateUser=true using the <PolicyUrl>/policy/config/property/v1 REST API endpoint.

    Note:

    In this case remove /oaa-policy from the <PolicyUrl>, for example use https://<host>:<port>/policy/config/property/v1 not https://<host>:<port>/oaa-policy/policy/config/property/v1

For details about finding the PolicyUrl and authenticating, see OAA Admin API.

For details about the Configuration Properties REST Endpoint, see Configuration Properties REST Endpoints.

Use REST API’s To Create Users and Their Factors

Administrators can create users and their factors using REST API's. Once the user is created via REST API's, they can log in to the Self-Service Portal and see all their authentication factors. Users can then manage their factors as they choose.

For more details, see Registering Users with Challenge Factors in OAA.

Use the OAAAuthnPlugin To Migrate Users From OAM

Administrators can use the OAAAuthnPlugin to migrate users and configured factors from Oracle Access Management (OAM). Once the OAAAuthnPlugin is configured, when a user accesses an OAM protected application, that user will atomically be migrated to OAA along with any factors configured, based on defined LDAP attributes.

Note:

Only Email, SMS, and Oracle Mobile Authenticator TOTP are supported for migration.

Once the user is migrated, the user can access the Self-Service Portal and view and manage their configured factors.

If you have installed using the December 24 release or later, then this integration is automatically configured for you.

If you have installed prior to December 24, then this is configured manually.

For details on how to configure the OAAAuthnPlugin manually, or for more information on how migrating users works, see Integrate Oracle Access Management with Oracle Advanced Authentication .