Cloud Security Perspectives and Insights

Multi-factor Authentication with Oracle Identity Cloud Service

Sanjay Sadarangani
Product Manager - Identity Cloud Service

Organizations moving to the cloud are seeing traditional network perimeters vanish, leaving their users vulnerable to social engineering and phishing, and their applications vulnerable to data breaches. Multi-factor authentication gives organizations a crucial layer of security, securing end-user credentials and administrator access to on-premises and SaaS applications. Oracle Identity Cloud Service (IDCS) Multi-factor authentication (MFA) gives organizations an intelligent, end-user friendly multi-factor authentication platform.

Context, Behavior and Risk based Policies

To streamline application access, organizations should design the sign-in experience based on context. For example, if John is signing in from the corporate network, then you may decide not to prompt for MFA. But if John is signing in from a public network, then there are more reasons to prompt for MFA. Another example would be if Susan is accessing a PCI application, then you may want to prompt for MFA on each login. But if she is accessing your email application, then you may decide to prompt for MFA once every 15 days from a trusted device.

With Identity Cloud Service, organizations can define policies that contain context-based rules and actions. These rules leverage the user, application, device, risk and request context to dynamically determine whether a user is allowed access, denied access or needs to be prompted for MFA.
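The John and Susan examples above, written as an ordered first-match rule list; this is an added illustration, not Oracle's code and not the Identity Cloud Service rule syntax. The `SignIn` fields, the rule names, the 10.0.0.0/8 range and the risk cut-off of 80 are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

CORPORATE_NETS = [ip_network("10.0.0.0/8")]  # constructed stand-in for the corporate range
MFA_REMEMBER = timedelta(days=15)            # the article's "once every 15 days"
RISK_DENY = 80                               # assumed cut-off on a 0-100 risk score

@dataclass(frozen=True)
class SignIn:
    user: str
    app_tags: frozenset           # e.g. {"pci"} or {"email"}
    source_ip: str
    device_trusted: bool
    last_mfa: Optional[datetime]  # last successful MFA from this device, if any
    risk_score: int
    now: datetime

def on_corporate_network(req):
    try:
        addr = ip_address(req.source_ip)
    except ValueError:            # unparseable address is never treated as internal
        return False
    return any(addr in net for net in CORPORATE_NETS)

def recent_mfa_on_trusted_device(req):
    return (req.device_trusted and req.last_mfa is not None
            and timedelta(0) <= req.now - req.last_mfa <= MFA_REMEMBER)

# First match wins. Order is this example's choice: deny on risk first, then the
# PCI rule ahead of the network rule so a PCI app prompts even from the office.
RULES = [
    ("high-risk", lambda r: r.risk_score >= RISK_DENY, "DENY"),
    ("pci-every-login", lambda r: "pci" in r.app_tags, "PROMPT_MFA"),
    ("corporate-network", on_corporate_network, "ALLOW"),
    ("email-remembered-device",
     lambda r: "email" in r.app_tags and recent_mfa_on_trusted_device(r), "ALLOW"),
]

def evaluate(req):
    """Return (rule_name, action); anything unmatched falls through to an MFA prompt."""
    for name, condition, action in RULES:
        if condition(req):
            return name, action
    return "default", "PROMPT_MFA"
```

Swapping the PCI and corporate-network rules would silently exempt office sign-ins from the per-login PCI prompt, which is why rule order and the fall-through default deserve review alongside the rules themselves.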


My new favorite catchphrase is, "Organizations need to be right 100% of the time; an attacker only has to be right once." It is therefore important that organizations are continuously computing risk and simultaneously pulling in risk feeds and threat intelligence from multiple sources.

The Oracle Identity Cloud Service adaptive intelligence engine is designed not only to help compute risk by detecting certain risky events and analyzing login behavior, but it can also pull in risk feeds from UEBA systems and IP Reputation providers. It uses this combined risk score along with the contextual data and threat intelligence to dynamically enforce the access decisions you configure. 

Broad range of Authentication Methods

Organizations should tailor authentication and MFA based on the users of the applications, how the application will be used, application compliance requirements and the type of user experience the users expect to have.

Oracle’s Identity Cloud Service MFA helps enable organizations to address such challenges by providing support for a broad range of factors. It supports many legacy methods such as security questions, consumer-friendly methods such as Email or SMS OTP, and enterprise-grade verification via the Oracle Mobile Authenticator App, which can be downloaded from the Apple, Android or Windows app store.

Standards or API enabled App Integrations

Organizations should develop a strategy to secure their SaaS, on-premises and custom applications with MFA, and that is easier to do without having to deal with multiple vendors.

The Identity Cloud Service App Catalog and the application wizard help enable organizations to provide MFA for practically any application that supports SAML or OpenID Connect. Customers of Oracle SaaS including Fusion Applications, Customer Experience (CX), NetSuite, etc. can take advantage of the pre-integrated configuration to enable MFA for their end-users. Enterprise applications such as E-Business Suite, PeopleSoft, JD Edwards, etc. can make use of the Application Gateway, which integrates with Oracle Identity Cloud Service MFA, to provide additional security. IDCS Linux PAM can be leveraged to enable MFA while logging into Linux servers.

Identity Cloud Service APIs allow organizations to embed MFA into their bespoke sign-in pages, enabling them to tailor the sign-in experience. These APIs also enable organizations to challenge users when they are performing sensitive or high-risk transactions.


Getting Started with Identity Cloud Service Multifactor Authentication

For a quick overview of IDCS MFA watch this video

For steps on how to enable MFA and define application policies go here

For more information on IDCS go here

To get a trial Oracle cloud account go here

Watch webinar: IDCS for Enterprise Apps

Watch webinar: IDCS for Oracle SaaS

