MFA for Oracle Access Manager
This is an Early Access feature. To enable it, contact Okta Support.
The guide below outlines the setup process to install the Okta Multifactor Authentication (MFA) provider for Oracle Access Manager. With this feature, customers can use OAM as their Identity Provider (IdP) to applications and also use Okta for MFA to provide a strong method of authentication for applications. For version history see Okta Oracle Access Manager Plugin Version History
Note: If you are currently using theRSA SecurID agent (v. 1.1.0 or below) you should upgrade to the latest version of the On-Prem MFA agent at your earliest convenience. For the latest version and version history, see Okta On-Prem MFA Agent Version History.
Topics
Requirements and versions
The Okta MFA Provider for Oracle Access Manager has been tested against the following:
Name | Version |
---|---|
WebLogic Server | 11g (10.3.6.0) |
Oracle Access Manager | 11g (11.1.2.0.0) |
Operating System | Windows Server |
Java Runtime | 1.7.0_80 or later |
Supported factors
The following MFA Factors are supported:

When integrating with Okta RADIUS, the maximum supported number of enrolled factors is dependent on the size of resulting challenge message. Okta recommends that no more than eight ( 8 ) factor be enrolled at one time.
MFA Factor | Password Authentication Protocol PAP |
Extensible Authentication Protocol - Generic Token Card EAP-GTC |
Extensible Authentication Protocol - Tunneled Transport Layer Security EAP-TTLS |
---|---|---|---|
Okta Verify (TOTP and PUSH) | Supported | Supported | Supported - as long as challenge is avoided. For example: MFA-only or password, MFA for TOTP. Push can work with primary auth + MFA as the push challenge is sent out-of-band. |
Voice Call | Supported | Supported | Not supported |
SMS Authentication | Supported | Supported | Not supported |
Google Authenticator | Supported | Supported | Supported - as long as challenge is avoided. For example MFA only or password, MFA. |
Symantec VIP | Supported | Supported | Supported |
Security Question | Supported | Supported | Not supported |
Custom TOTP Authentication | Supported | Supported | Not supported |
Duo(Push, SMS and Passcode only) | Supported | Not supported | Not supported |
YubiKey | Supported | Supported | Supported |
Supported |
Supported |
Supported |
|
Supported |
Supported |
Not supported |

Note
The U2F Security and Windows Hello MFA factors are not compatible with RADIUS-enabled implementations.
For additional information about the Radius apps refer to Configuring RADIUS applications in Okta.
Note: Only applications which support Embedded Credential Collector (ECC) WebGates are supported.
Typical workflow
Task |
Description |
---|---|
Configure MFA factors | Within your Okta org, configure MFA factors for use with Oracle Access Manager. |
Download the agent |
|
Install and Configure the Oracle Access Manager plugin |
|
Deploy OktaWidget.war |
|
Configure Module, Scheme and Policy |
|
Enable SSL on OAM servers |
|