Using Oracle Identity Cloud Service
Using Oracle Identity Cloud Service
Using Oracle Identity Cloud Service
Release 21.2.1
E57683-09
April 2021
Oracle Cloud Using Oracle Identity Cloud Service, Release 21.2.1
E57683-09
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such programs)
and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government
end users are "commercial computer software" or "commercial computer software documentation" pursuant
to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such,
the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works,
and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs
embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle
computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the
license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud
services are defined by the applicable contract for such services. No other rights are granted to the U.S.
Government.
This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc,
and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered
trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise
set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not
be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,
products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents
Preface
Audience vi
Documentation Accessibility vi
Feature Limitations vi
Related Resources vii
Conventions vii
iii
Recover Your Account 2-2
Set Up or Modify Your Profile 2-3
Set Your Email Options 2-4
Set Your Security Options 2-5
Set Your Account Recovery Options 2-5
Set a Recovery Email Address as an Account Recovery Factor 2-6
Set Your Mobile Number as an Account Recovery Factor 2-6
Set Security Questions as an Account Recovery Factor 2-7
Modify Your Recovery Email Address 2-8
Modify Your Mobile Number 2-8
Modify Your Security Questions 2-8
Remove Your Mobile Number as an Account Recovery Factor 2-9
Remove Security Questions As an Account Recovery Factor 2-9
Understand Social Login 2-10
Use Case: Log in Using Social Login 2-10
Use Case: Link Social Accounts 2-10
Use Case: Unlink Social Accounts 2-11
Link and Unlink Social Accounts 2-11
Manage Group and Application Access 2-12
Request Group and Application Access 2-12
View Group and Application Access 2-12
View Group and Application Access Requests 2-12
Access Your Consents 2-13
Access My Apps 2-13
Use Form Fill Applications 2-14
Install the Oracle Form Fill Plug-in 2-14
Update Credentials for a Form Fill Application 2-15
iv
Use Recovery Email or Email as an Authentication Method 3-9
Enroll in 2-Step Verification After First Login 3-10
Add Backup Verification Methods 3-11
Trust a Device 3-11
Change Your Default Verification Method During Login 3-11
Manage 2–Step Verification from the My Profile Console 3-12
Configure an Additional 2–Step Verification Method from the My Profile Console 3-13
Remove a 2–Step Verification Method 3-13
Rename a 2–Step Verification Method 3-14
Manage Security Questions 3-14
Generate a Bypass Code 3-15
Use a Bypass Code 3-16
Remove a Trusted Device 3-16
Set a Default Verification Method 3-17
Change Your Default Verification Method Using the My Profile Console 3-17
Disable or Re-Enable 2-Step Verification 3-18
5 Supported Languages
v
Preface
Preface
Welcome to Using Oracle Identity Cloud Service.
This guide is intended for all users of Oracle Identity Cloud Service. Users are
responsible for configuring settings and managing 2-Step Verification for their
accounts, and for using the Oracle Mobile Authenticator (OMA) app.
• Audience
• Documentation Accessibility
• Feature Limitations
• Related Resources
• Conventions
Audience
Welcome to Using Oracle Identity Cloud Service. This guide is intended for non-
administrator users of Oracle Identity Cloud Service.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=docacc.
Feature Limitations
This guide documents the complete set of Oracle Identity Cloud Service features
that's available to users. Your localized version of Oracle Identity Cloud Service
might contain a subset of these features. Therefore, you might find features in this
documentation that are not available in your localized version of Oracle Identity Cloud
Service.
vi
Preface
Related Resources
• Administering Oracle Identity Cloud Service
• Integrating Oracle Identity Cloud Service
• Known Issues for Oracle Identity Cloud Service
• REST API for Oracle Identity Cloud Service
• What's New for Oracle Identity Cloud Service
• Oracle Identity Cloud Service Infographics
• Oracle Identity Cloud Service Sample Applications
• Oracle Identity Cloud Service Solutions
• Oracle Identity Cloud Service Tutorials
• Oracle Identity Cloud Service Videos
Conventions
The following text conventions are used in this guide:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
vii
Part I
Get Started
Learn how to get started with Oracle Identity Cloud Service.
Chapters:
• Get Started with Oracle Identity Cloud Service
1
Get Started with Oracle Identity Cloud
Service
The following sections describe how to get started with Oracle Identity Cloud Service
for Oracle Cloud users. Familiarity with Oracle Cloud services is assumed.
Topics:
• About Oracle Identity Cloud Service
• Supported Web Browsers
• How to Access Oracle Identity Cloud Service
• About the Oracle Identity Cloud Service Consoles
• Typical Workflow for Using Oracle Identity Cloud Service
1-1
Chapter 1
Supported Web Browsers
Note:
Support for Microsoft Browsers will follow the same N-1 support policy that
iOS provides. The most recent version plus one previous release. As of
January 12th 2016, this means the most recent version of Microsoft Edge
and IE11 only.
Topics:
• Access Oracle Identity Cloud Service from the Oracle Cloud Infrastructure
Console
• Access Oracle Identity Cloud Service from the Oracle Cloud Infrastructure Classic
Console
2. From the Oracle Cloud Infrastructure Console, click the navigation menu in
the top left corner, expand Identity, and then click Federation.
1-2
Chapter 1
About the Oracle Identity Cloud Service Consoles
3. In the Federation page, click the Oracle Identity Cloud Service Console link.
If multiple instances are listed, click the Oracle Identity Cloud Service Console
link for the console instance you want to open.
Topics
• Sign In Page
• My Profile Console
• My Apps
• Catalog
• 2–Step Verification
Sign In Page
Learn how to sign in, set, and reset your password.
When your account has been added to Oracle Identity Cloud Service, you receive an
activation email instructing you to activate your account. Click the activation link, and
then set your password.
If you forget your own password and can't sign in to Oracle Identity Cloud Service, you
can reset your password using your user name. See Recover Your Account.
There are various ways that you can sign in and authenticate including email,
passwordless authentication, and social accounts, If your administrator has configured
Passwordless Authentication, you can choose to use it to bypass the standard web-
1-3
Chapter 1
About the Oracle Identity Cloud Service Consoles
form-based authentication using email or a mobile device to sign in. For more details,
see Understand Passwordless Authentication.
My Profile Console
Use this console to set up or modify your profile (for example, time zone and
language preferences), manage your passwords, set your primary and recovery email
addresses, and link your social login accounts if you are using social login.
To access the My Profile console, click the avatar icon in the top-right corner, and then
select My Profile.
Element Description
My Profile Details Set up your profile information for the first time or
modify your current profile information. See Set Up
or Modify Your Profile.
Change My Password Change your password to Oracle Identity Cloud
Service. See Change Your Password.
Email Options Change your primary email address. See Set Your
Email Options.
Security Set a recovery email address, provide a mobile
number, or select and answer security questions to
help you regain access to your account if you have
trouble signing in, you’re locked out, or you forget
your password. See Set Your Account Recovery
Options.
Social Accounts Link your social account to your Oracle Identity
Cloud Service user account so that you can use
your social account's login credentials to access
Oracle Identity Cloud Service.
My Access View the groups and applications to which you
have been granted access. See View Group and
Application Access.
My Requests View your requests for access to groups and
applications. See View Group and Application
Access Requests.
My Apps
On the My Apps page, you can access all apps assigned to you.
You can sort these apps by their names or by the dates when they were granted to
you. For organizational purposes, you can designate preferred apps as favorites for
future easy reference and access. See Access My Apps for more information about
the My Apps page.
Catalog
Use this page to request access to groups of which you want to be a member and
applications that you want to use.
See Request Group and Application Access.
1-4
Chapter 1
Typical Workflow for Using Oracle Identity Cloud Service
2–Step Verification
Use this page to enroll in Multi–Factor Authentication (MFA) in Oracle Identity Cloud
Service.
When you sign in to Oracle Identity Cloud Service, you’re prompted for your user
name and password, which is the first factor. You’re then required to provide a second
type of verification. This is called 2-Step Verification. The two factors work together
to add an additional layer of security in Oracle Identity Cloud Service by using either
additional information or a second device to verify your identity and complete the login
process.
See Manage 2-Step Verification from the My Profile Console for more information
about the 2–Step Verification page.
1-5
Chapter 1
Typical Workflow for Using Oracle Identity Cloud Service
1-6
Part II
Perform User Tasks
Learn how to perform important end user tasks that you must do right away, and
others that you will return to later.
Chapters
• Configure User Settings
• Manage 2-Step Verification
• Use and Manage the Oracle Mobile Authenticator App
2
Configure User Settings
Learn how to configure user settings in Oracle Identity Cloud Service.
Topics:
• Typical Workflow for Configuring User Settings
• Change Your Password
• Recover Your Account
• Set Up or Modify Your Profile
• Set Your Email Options
• Set Your Security Options
• Understand Social Login
• Manage Group and Application Access
• Access Your Consents
• Access My Apps
2-1
Chapter 2
Change Your Password
Tip:
If you're using your Oracle Identity Cloud Service password to sign
in, then use the Password Criteria pane to confirm that your new
password conforms to the password policy set by your administrator.
If your password conforms to the policy, then each criterion displays a
green check mark.
If you're using your Microsoft Active Directory password to sign in to
Oracle Identity Cloud Service, then your password policy criteria is
defined and maintained by your Microsoft Active Directory administrator.
Contact your administrator for more information about this criteria.
2-2
Chapter 2
Set Up or Modify Your Profile
1. In the Oracle Identity Cloud Service login page, click the Click here link.
2. In the Forgot Your Password? page, enter your user name, and then click Next.
3. Select the Recovery Email, Mobile Number, or Security Questions account
recovery method.
a. If you select Recovery Email, then a Password Reset notification is sent
to the recovery email address associated with your account. Follow the
instructions in the notification to reset your password.
b. If you select Mobile Number, then a passcode is sent to the mobile number
associated with your account. Enter the passcode, and then click Verify to
reset your password.
c. If you select Security Questions, then one of the security questions that you
set appears. Provide the answer to this security question, and then click Verify
to reset your password.
Important:
The factors that are available for you to select are dependent upon the
selections you made when you set your account recovery options. For
example, if you didn't set your mobile number as an account recovery factor,
then you can’t use this factor to recover your account. It won’t appear in the
Forgot Your Password? page.
If Recovery Email is the only account recovery method that you set, then
you won't be prompted to select a method. Instead, the Password Reset
notification is sent to the recovery email address associated with your
account.
If you haven't set any account recovery options, then the Password Reset
notification is sent to your primary email address.
2-3
Chapter 2
Set Your Email Options
For example, you can change the time zone and language that displays for your
account.
2. If you have a multi-valued attribute for your profile, then a Values link appears to
the right of the attribute. To populate this attribute with values:
a. Click the Values link.
b. In the popup window that appears, click Add.
c. In the text box that appears, enter a value for the attribute.
d. Repeat steps b and c to add other values for the attribute.
Tip:
To remove an existing value from the attribute, click the X button to
the right of the value.
e. Click OK. The counter to the right of the Values link changes to reflect the
updated number of values for the attribute.
3. Click Save.
Note:
In addition to your primary email address, you can set an alternate (recovery)
email address that you can use to help you recover your account. See Set
Your Account Recovery Options.
2-4
Chapter 2
Set Your Security Options
Important:
The account recovery factors that are available for you to set are
dependent upon the selections your identity domain administrator or security
administrator made when they set up account recovery for your identity
domain. For example, if your administrator deactivated mobile number as
an account recovery factor, then you can’t use this factor to recover your
account. It won’t appear in the Security tab of the My Profile console. See
Configure Account Recovery.
Because you want to be able to regain access to your account, you must set
at least one account recovery factor.
2-5
Chapter 2
Set Your Security Options
Tip:
If you didn’t receive the notification, then in the Recovery Options
page, click Resend Email. Oracle Identity Cloud Service will resend the
notification to the email address you provided in step 5.
6. In your Inbox, open the verification notification, and then click the Email
Verification link.
7. In the Email Verified page, click the Click here to continue link.
8. In the Recovery Email pane of the Recovery Options page, verify that you see
the recovery email address that you provided in step 5.
Note:
If you don’t see a Configure button in this pane, then you have already
set your mobile number as an account recovery factor.
2-6
Chapter 2
Set Your Security Options
3. In the Mobile Number field of the Mobile Number dialog box, select a country
code for your mobile number, enter the mobile number to use to recover your
account, and then click Send Passcode.
Oracle Identity Cloud Service sends a passcode in a text message to this mobile
number.
Note:
Don’t enter any non-numeric characters for your mobile number.
For example, if your mobile number is 212-555-1212, then enter
2125551212.
4. Enter the passcode in the text field that appears below the Mobile Number field,
and then click Verify.
Note:
If you didn’t receive the passcode, then click Resend. Oracle Identity
Cloud Service will resend the passcode to your mobile number.
Note:
If you don’t see a Configure button in this pane, then you have already
set security questions as an account recovery factor.
3. In the Security Questions dialog box, select your security questions, provide
answers and optional answer hints, and then click Save.
Tip:
2-7
Chapter 2
Set Your Security Options
Note:
If you don’t see in this pane, then you have not set your mobile
number as an account recovery factor.
3. Select Edit.
4. In the Mobile Number field of the Mobile Number dialog box, select a different
country code for your mobile number or enter the updated mobile number to use to
recover your account, and then click Send Passcode.
Oracle Identity Cloud Service sends a passcode in a text message to this mobile
number.
5. Enter the passcode in the text field that appears below the Mobile Number field,
and then click Verify.
Tip:
If you didn’t receive the passcode, then click Resend. Oracle Identity
Cloud Service will resend the passcode to your mobile number.
2-8
Chapter 2
Set Your Security Options
Note:
If you don’t see in this pane, then you have not set security
questions as an account recovery factor.
3. Select Edit.
4. In the Security Questions dialog box, select different security questions, provide
other answers and optional answer hints, and then click Save.
Tip:
Note:
If you don’t see in this pane, then you have not set your mobile
number as an account recovery factor.
3. Select Remove.
4. In the Confirmation dialog box, click OK.
Note:
If you don’t see in this pane, then you have not set security
questions as an account recovery factor.
2-9
Chapter 2
Understand Social Login
3. Select Remove.
4. In the Confirmation dialog box, click OK.
Note:
The auto populated information varies depending upon the data being
captured from the social identity provider.
She provides all required registration information. Her account is created successfully,
and she receives an email so that she can activate her account.
2-10
Chapter 2
Understand Social Login
Beatrix Kiddo is an end user for ABC Corporation and an Oracle Identity Cloud Service
customer. Beatrix logs in to Oracle Identity Cloud Service using a social account,
accesses her user profile, and then accesses the Social Accounts tab. On the Social
Accounts tab, she sees the social account that she used the first time to login into
Oracle Identity Cloud Service. When she signs in using a social account, that account
is automatically linked to her Oracle Identity Cloud Service account.
If she wants to link another social account, she clicks Link a Social Account and
completes the steps necessary to log in to the social account. She can now log in
using either of those social accounts.
2. In the Link a Social Account dialog box, click the Action menu , and then
click Link.
A login page with the social account that you chose displays.
3. Complete the steps necessary to log in to your social account.
You're redirected to Oracle Identity Cloud Service.
4. In the My Profile console, click Social Accounts, and then verify that the social
account you linked appears.
2-11
Chapter 2
Manage Group and Application Access
5. (Optional) To unlink a social account, click the Action menu, and then click
Unlink.
Topics
• Request Group and Application Access
• View Group and Application Access
• View Group and Application Access Requests
2-12
Chapter 2
Access Your Consents
Access My Apps
Use the My Apps page to access and organize applications.
Applications that show in the My Apps page are applications to which the
administrator has granted you access. Access can be granted to you as an individual
user or to a group to which you belong. You are directed to the My Apps page after
you activate your account and each time you log in thereafter.
1. Click your avatar and then choose My Apps.
2. Search for applications by entering a string that begins the application name.
3. Set your favorites.
4. Sort applications by Name and Recently Granted.
2-13
Chapter 2
Access My Apps
Note:
Internet Explorer and Edge are not supported.
2-14
Chapter 2
Access My Apps
Note:
If instead of the Enter Credentials dialog box you see the application's
login page – the app doesn't support the form fill plug-in.:
You can now access form fill applications from the My Apps page:
1. The first time you access a form fill application:
a. Instead of going to the application's login page, an Enter Credentials dialog
box opens in front of the My Apps page.
b. Enter the login credentials for the application in the Enter Credentials dialog
box and click Login.
The Oracle Form Fill Plug-in captures your credentials and logs you in to the
application.
2. When you access the same form fill application from My Apps in the future, you
are automatically logged in to the application.
Note:
If you later change your login credentials in the application, you must
update your credentials from the application tile on the My Apps page.
See Update Credentials for a Form Fill Application.
2-15
3
Manage 2-Step Verification
Learn how to configure 2-Step Verification for your account.
• Typical Workflow for Managing 2–Step Verification
• Enroll in 2–Step Verification for Your Account
• Add Backup Verification Methods
• Trust a Device
• Set a Default Verification Method
• Change Your Default Verification Method During Login
• Manage 2–Step Verification from the My Profile Console
3-1
Chapter 3
Enroll in 2–Step Verification for Your Account
3-2
Chapter 3
Enroll in 2–Step Verification for Your Account
3-3
Chapter 3
Enroll in 2–Step Verification for Your Account
5. (Optional) If you can’t receive a text, for example, you don’t have your phone with
you, click Show alternative login methods to use an alternative method to verify
your identity.
Note:
You must have previously set up more than one verification method,
such as using a bypass code that you previously generated and stored
in a safe place. If you haven’t set up more than one verification method,
you can call the help desk and have a bypass code generated for you.
6. (Optional) You can also select Show alternative login methods to change your
default verification method.
a. Click Show alternative login methods. All 2–Step Verification methods that
you are enrolled in appear in the Alternative login methods section.
b. Select a different verification method. You are then prompted to enter the
required verification for that method.
c. Enter the required verification.
d. Select the Make this my default method check box to set this 2-Step
Verification method as your default. The next time that you log in, you are
prompted to verify your identity using this method of verification.
3-4
Chapter 3
Enroll in 2–Step Verification for Your Account
Note:
You must have previously set up more than one verification method,
such as using a bypass code that you previously generated and stored
in a safe place. If you haven’t set up more than one verification method,
you can call the help desk and have a bypass code generated for you.
3-5
Chapter 3
Enroll in 2–Step Verification for Your Account
5. (Optional) You can also select Show alternative login methods to change your
default verification method.
a. Click Show alternative login methods. All 2–Step Verification methods that
you are enrolled in appear in the Alternative login methods section.
b. Select a different verification method. You are then prompted to enter the
required verification for that method.
c. Enter the required verification.
d. Select the Make this my default method check box to set this 2-Step
Verification method as your default. The next time that you log in, you are
prompted to verify your identity using this method of verification.
3-6
Chapter 3
Enroll in 2–Step Verification for Your Account
The 2-Step Verification page appears, and then you are prompted for your
second verification method.
You are prompted to enter the passcode that is generated by the third-party
authenticator app on your mobile device.
2. Enter that passcode into the Passcode box on the 2-Step Verification page.
3. (Optional) Select the Trust this computer for _ days check box (if enabled by
your administrator) to skip providing a second method of authentication for the
number of days indicated when you log in from the same device. The number of
days is defined by your administrator.
4. Click Verify.
5. (Optional) If you are unable to use the App, for example, you don’t have your
phone with you,click Show alternative login methods to use an alternative
method to verify your identity.
Note:
You must have previously set up more than one verification method,
such as using a bypass code that you previously generated and stored
in a safe place. If you haven’t set up more than one verification method,
you can call the help desk and have a bypass code generated for you.
6. Optional. You can also select Use backup verification method to change your
default verification method.
a. Click Show alternative login methods. All 2–Step Verification methods that
you are enrolled in appear in the Alternative login methods section.
b. Select a different verification method. You are then prompted to enter the
required verification for that method.
c. Enter the required verification.
d. Select the Make this my default method check box to set this 2-Step
Verification method as your default. The next time that you log in, you are
prompted to verify your identity using this method of verification.
3-7
Chapter 3
Enroll in 2–Step Verification for Your Account
The number of security questions that you are required to answer appear.
4. Select the questions, and then provide your answers.
5. (Optional) Enter answer hints. The answer and the hint can’t be the same.
The hint appears as a tooltip when you are using security questions as your
second authentication method.
6. Click Save.
The Successfully Enrolled page appears.
7. Click Done.
To set up an additional method during enrollment, select another method from the
bottom of the page, and then walk through the enrollment process for that method.
Alternatively, you can set up additional methods later using the Security tab in the
Oracle Identity Cloud Service My Profile console.
Note:
You must have previously set up more than one verification method,
such as using a bypass code that you previously generated and stored
in a safe place. If you haven’t set up more than one verification method,
you can call the help desk and have a bypass code generated for you.
6. (Optional) You can also select Show alternative login methods to change your
default verification method.
a. Click Show alternative login methods. All 2–Step Verification methods that
you are enrolled in appear in the Alternative login methods section.
b. Select a different verification method. You are then prompted to enter the
required verification for that method.
c. Enter the required verification.
3-8
Chapter 3
Enroll in 2–Step Verification for Your Account
d. Select the Make this my default method check box to set this 2-Step
Verification method as your default. The next time that you log in, you are
prompted to verify your identity using this method of verification.
Note:
Depending on how your administrator has configured your email settings,
you may see either Recovery Email, or Email, or both as 2–Step
Verification options.
When multi-factor authentication (MFA) is enabled, the first time that you log in, the
Select Your Default 2-Step Verification Method flow appears after you enter your
user name and password.
1. Enter your name and password to log in to an Oracle Identity Cloud Service
console where 2-step verification has been enabled.
2. On the Enable 2-Step Verification introduction page, click Enable 2-Step
Verification.
The authentication methods available to you appear on the Select Your Default
2-Step Verification Method page.
3. Click Recovery Email or Email.
Oracle Identity Cloud Service sends a one-time passcode to your primary email
address.
4. Enter the passcode into the Code box, and then click Verify Email Address.
5. (Optional) To set up an additional method during enrollment, select another
method from the bottom of the page, and then walk through the enrollment
process for that method. Alternatively, you can set up additional methods later
using the Security tab in the Oracle Identity Cloud Service My Profile console.
6. Click Done.
Note:
Depending on how your administrator has configured your email settings,
you may see either Recovery Email, or Email, or both as 2–Step
Verification options.
3-9
Chapter 3
Enroll in 2–Step Verification for Your Account
The 2-Step Verification page appears, and then you are prompted for your
second verification method.
If email is your default 2–Step Verification method, an email that contains a
passcode is sent to your email address.
If email isn’t your default 2–Step Verification method, you can click Show
alternative login methods and select Recovery Email or Email from the list
of alternative methods.
After you enroll in email as a 2–Step Verification method, if you change your email
address and the change is verified, Oracle Identity Cloud Service automatically
sends the passcode to the updated address. There is no need to re-enroll.
2. Enter that passcode into the Passcode box on the Email Verification page.
If you didn’t receive the email, click Resend email.
3. (Optional) Select the Trust this computer for _ days check box (if enabled by
your administrator) to skip providing a second method of authentication for the
number of days indicated when you log in from the same device. The number of
days is defined by your administrator.
4. Click Verify.
5. (Optional) If you can’t receive an email, click Show alternative login methods to
use an alternative method to verify your identity.
Note:
You must have previously set up more than one verification method,
such as using a bypass code that you previously generated and stored
in a safe place. If you haven’t set up more than one verification method,
you can call the help desk and have a bypass code generated for you.
6. (Optional) You can also select Show alternative login methods to change your
default verification method.
a. Click Show alternative login methods. All 2–Step Verification methods that
you are enrolled in appear in the Alternative login methods section.
b. Select a different verification method. You are then prompted to enter the
required verification for that method.
c. Enter the required verification.
d. Select the Make this my default method check box to set this 2-Step
Verification method as your default. The next time that you log in, you are
prompted to verify your identity using this method of verification.
3-10
Chapter 3
Add Backup Verification Methods
Trust a Device
When you access an app for the first time using your 2-Step Verification method
from your computer or a device, you have the option to flag your computer or
device as trusted. Trusted devices don’t require you to provide a second method of
authentication each time that you log in (for a defined time period that is set by your
administrator).
This feature is similar to the “remember my computer” option that you often see
during authentication on many web sites. When you log in and provide your second
verification method, select the Trust this computer for _ days check box. That
device is then listed in the Trusted Devices section of the Security tab in the Oracle
Identity Cloud Service My Profile console. See Manage 2–Step Verification from the
My Profile Console.
If you choose not to trust the computer, you are prompted for 2-Step Verification each
time that you log in from that device. You have the opportunity each time that you log
in to trust the computer or device.
3-11
Chapter 3
Manage 2–Step Verification from the My Profile Console
5. Select the Make this my default method check box to set this 2-Step Verification
method as your default. The next time that you log in, you are prompted to verify
your identity using this method of verification.
Note:
Your administrator determines whether you see options for Recovery
Email, Email, or both.
• Bypass Code: Generate a bypass code and store it for later use. You can also
contact an administrator to obtain a bypass code for access.
• Duo Security: If Duo Security is enabled, use Duo Security as an MFA factor.
The following topics provide more information on managing your 2-Step Verification
methods from the Security page.
• Configure an Additional 2–Step Verification Method from the My Profile Console
• Remove a 2–Step Verification Method
• Rename a 2–Step Verification Method
• Manage Security Questions
• Generate a Bypass Code
• Use a Bypass Code
• Remove a Trusted Device
• Set a Default Verification Method
3-12
Chapter 3
Manage 2–Step Verification from the My Profile Console
Note:
Only Mobile Number and Mobile App methods can be added from the My
Profile console Security tab.
1. Access the My Profile console by clicking your initials in the upper-right corner,
and then select My Profile from the drop-down list.
2. Click Security.
3. Locate the method that you want to add, and in the pane for that method, click
Configure.
4. Walk through the enrollment wizard to add the method.
These are the same steps that you perform when you set up an authentication
method during enrollment. See the topic for the method you want to add under
Enroll in 2–Step Verification for Your Account.
3-13
Chapter 3
Manage 2–Step Verification from the My Profile Console
Note:
You can't remove all of the methods. If you have only one method
configured, an error message appears at the top of the page when you
confirm the removal.
Note:
Only Mobile App methods can be renamed.
As an example, you might want to do this when you add another mobile number, and
you want each name to be more descriptive.
1. Access the My Profile console by clicking your initials in the upper-right corner,
and then select My Profile from the drop-down list.
2. Click Security.
3. In the method pane for the method that you want to remove, click the Action
3-14
Chapter 3
Manage 2–Step Verification from the My Profile Console
Note:
The Bypass Code dialog box displays the number of uses allowed. Your
bypass code doesn't expire, but you can only used it once.
5. Click Done.
6. (Optional) To view and copy your bypass code, in the Bypass Code pane, click
a. In the Bypass Code pane, click the Action menu and select Email.
b. In the Confirmation dialog box, click OK.
3-15
Chapter 3
Manage 2–Step Verification from the My Profile Console
Note:
You must have previously set up more than one verification method,
such as using a bypass code that you previously generated and stored
in a safe place. If you haven’t set up more than one verification method,
you can call the help desk and have a bypass code generated for you.
3-16
Chapter 3
Manage 2–Step Verification from the My Profile Console
4. In the pane for the trusted device that you want to remove, click the Action menu
3. In the 2-Step Verification section, click the Action menu and select Change
Default.
4. In the Change Default dialog box, select the method that you want to use as your
default verification method.
3-17
Chapter 3
Manage 2–Step Verification from the My Profile Console
Note:
Only those 2–Step Verification methods that you are enrolled in are
displayed.
5. Click Done.
The check mark appears on the method pane that you just set as your default.
Note:
If your administrator has made 2-Step Verification required, disabling
it from the My Profile console has no effect.
3-18
4
Use and Manage the Oracle Mobile
Authenticator App
Topics
• Typical Workflow for Using and Managing the Oracle Mobile Authenticator App
• Use the Oracle Mobile Authenticator App
• Manage the Oracle Mobile Authenticator App
4-1
Chapter 4
Use the Oracle Mobile Authenticator App
4-2
Chapter 4
Manage the Oracle Mobile Authenticator App
5. On the Enable 2–Step Verification page, enter the key that displays, and then tap
Save.
6. After setup is complete, the OMA app displays a one-time passcode (OTP) for
your account. Enter that OTP on the Enable 2-Step Verification page.
7. Click Verify.
The Successfully Enrolled page appears.
8. Click Done.
4-3
Chapter 4
Manage the Oracle Mobile Authenticator App
Note:
To edit an account when using VoiceOver mode, you must be in Grid
View. The Edit option isn’t available in List View when using VoiceOver
mode.
• Android: While in List View, long tap the account that you want to edit. While in
Grid View, tap the account, and then long tap it when it appears in detail view. Tap
the pencil icon that appears in the upper-right corner, make your changes in the
Edit Account screen, and then tap SAVE.
4-4
Chapter 4
Manage the Oracle Mobile Authenticator App
• Windows: Tap and hold the account tile that you want to edit. A menu appears.
Tap Edit and make your changes in the Edit Account screen, and then tap Save.
Sync an Account
You can sync your accounts in the Oracle Mobile Authenticator (OMA) app.
The steps to sync your accounts in the OMA app vary between the supported
operating systems.
• iOS: While in List View, swipe left on the account tile that you want to sync.
While in Grid View, swipe up. Tap Edit and in the Edit Account screen, tap Sync
Account to update the account with the latest policies and to refresh the shared
secret.
Note:
To edit an account when using VoiceOver mode, you must be in Grid
View. The Edit option isn’t available in List View when using VoiceOver
mode.
• Android: While in List View, long tap the account that you want to sync. While in
Grid View, tap the account, and then long tap it when it appears in detail view. Tap
the pencil icon that appears in the upper-right corner, and the in the Edit Account
screen, tap Sync Account to update the account with the latest policies and to
refresh the shared secret.
• Windows: Tap Sync Account to update the account with the latest policies and
to refresh the shared secret. Tap Edit and in the Edit Account screen, tap Sync
Account to update the account with the latest policies and to refresh the shared
secret.
4-5
Chapter 4
Manage the Oracle Mobile Authenticator App
• iOS: While in List View, swipe left on the account tile that you want to delete. While
in Grid View, swipe up. Tap Delete.
Note:
To delete an account when using VoiceOver mode, you must be in
Grid View. The Delete option is not available in List View when using
VoiceOver mode.
• Android: Tap and hold the account tile that you want to delete, tap the trash
can icon that appears in the upper-right corner, and then in the Delete Account
window, tap Delete Account.
• Windows: Tap and hold the account tile that you want to delete. A menu appears.
Tap Delete, and then tap Delete Account in the window that appears.
4-6
Chapter 4
Manage the Oracle Mobile Authenticator App
The next time that you open the App, you are prompted to use your fingerprint to
gain access to the OMA app.
3. To disable Screen Protection:
Screen Protection prevents OMA App content from being captured by screen
recording (iOS only), AirPlay (iOS only), or Screen Mirroring and is enabled by
default. Screen protection is available in iOS version 11 and higher.
a. Launch the OMA app, and then tap the menu icon in the upper-left corner.
b. Tap App Protection.
c. Tap to disable Screen Protection for the App.
4-7
Part III
Support
Learn about enabling multi-factor authentication for Oracle Cloud.
Chapters
• Supported Languages
5
Supported Languages
Oracle Identity Cloud Service offers a localized user experience for its web interface.
By default, the web interface language is set to match the web browser locale, but
users can override this setting in their profile details. If users change their language
setting, the change won’t take effect until the next time they sign in.
The following languages are available:
5-1