Configuring Authentication Factors

You can configure the following authentication factors for an identity domain.

  • Security Questions: Prompt the user to answer security questions to verify their identity. After the user enters their username and password, they must answer a defined number of security questions as the second verification method. See Configuring Security Questions.
  • Email: Send a one-time passcode in an email to the user. After the user selects Email as the authentication method, IAM sends a one-time passcode to the user's primary email address for use as a second verification method. The user's primary email (Email) address is defined in the user's IAM account. See Configuring Email Settings.
  • Duo Security: Enable Duo Security as an MFA Factor so that users use the Duo App or other Duo factors to authenticate. If Duo Security is enabled, users that haven't enrolled are prompted to do so when a Sign-On policy triggers an MFA verification. See Configuring Duo Security.
  • Fast ID Online (FIDO): Configure FIDO authentication so that users can use their FIDO authentication device, for example an external authentication device such as a YubiKey, or an internal device such as Windows Hello or Mac Touch ID, to authenticate to an identity domain. See Configuring FIDO Authenticator.
  • Mobile App Passcode: Use an authenticator app, such as the Oracle Mobile Authenticator (OMA) app, to generate an OTP. An OTP can be generated even when the user's device is offline. After the user enters their username and password, a prompt appears for the passcode. The user obtains a generated passcode from the app, and then enters the code as the second verification method. See Configuring Mobile OTP and Notifications.

    IAM also works with any third-party authentication app that adheres to the TOTP: Time-Based One-Time Password Algorithm specification, such as the Google Authenticator.

  • Text Message (SMS) or Phone Call: Send a passcode as a text message (SMS) or as a phone call to the user. This method is useful for users without Internet connectivity. After the user enters their username and password, IAM sends a passcode to their device for use as a second verification method. See Configuring OTP Text Messages and Phone Calls.
  • Mobile App Notification: Send a push notification that contains an approval request to allow or deny a login attempt. Push notifications are an easy and quick way to authenticate. After the user enters their username and password, a login request is sent to the app on their phone. The user taps Allow to authenticate. See Configuring Mobile OTP and Notifications.