Setting up Two-Factor Authentication - Oracle Authenticator
Oracle Authenticator is a Two-factor authentication application. The one-time password generated by the authenticator is a 6-digit number that must be provided as the second factor of authentication. Oracle mobile authenticator is available in iOS 7.1+ and Android 4.1+. You can install Oracle Authenticator in your smartphone or tablet devices. This document will teach you to set up and use the Oracle Authenticator with Password Manager Pro.
Sequence of Events
Following is the sequence of events involved in using Oracle Authenticator for the second factor authentication:
- A user tries to access the Password Manager Pro web interface
- Password Manager Pro authenticates the user through Active Directory or LDAP or locally (first factor)
- Password Manager Pro prompts for the second-factor credential through Oracle Authenticator
- User enters the six-digit token that you see on the app GUI
- Password Manager Pro grants the user access to the web interface
Steps Required
- Configuring TFA in Password Manager Pro
- Enforcing TFA for Required Users
- Connecting to Password Manager Pro Web Interface when TFA via Oracle Authenticator is Enabled
1. Configuring TFA in Password Manager Pro
- Navigate to Admin >> Authentication >> Two-Factor Authentication.
- Choose the option Oracle Mobile Authenticator and click Save.
- Then, click on Confirm to enforce Oracle Authenticator as the second factor of authentication.
2. Enforcing TFA for Required Users
- Once you confirm Oracle Authenticator as the second factor of authentication in the previous step, a new window will prompt you to select the users for whom TFA should be enforced.
- You can enable or disable TFA for a single user or multiple users in bulk from here.
- You can also select the users later by navigating to Users >> More Actions >> Two-factor Authentication.
3. Connecting to Password Manager Pro Web Interface when TFA via Oracle Authenticator is Enabled
Prerequisite
To make use of Oracle Authenticator as the second factor of authentication, first install the Oracle Authenticator app in your smart phone or tablet. Oracle Authenticator officially supports Android, iPhone, iPad devices. To know more about Oracle Authenticator, click here.
Connecting to Password Manager Pro web interface
The users for whom TFA is enabled, will have to authenticate twice successively. As explained above, the first level of authentication will be through the usual authentication. That is, the users have to authenticate through Password Manager Pro's local authentication or AD/Azure AD/LDAP authentication. If the administrator has chosen the TFA option "Oracle Mobile Authenticator", the TFA will happen as detailed below:
- Upon launching the Password Manager Pro web-interface, the user has to enter the credentials (local authentication or Azure AD/AD/LDAP) and click Login.
- Associating Oracle Authenticator with your account in Password Manager Pro: When you are logging in for the first time after enabling TFA through Oracle Authenticator, you will be prompted to associate it with your account in Password Manager Pro.
- First, launch the Oracle Authenticator app in your mobile device/tablet.
- Tap the '+' button or click Add Account.
- Then, Scan QR code to add account and point your device to the QR code shown in the GUI such as the image displayed below. This will automatically configure Oracle Authenticator to start generating authentication codes for Password Manager Pro.
- After completing this, you can enter the current token for authentication in the text box.
- If you have trouble scanning the QR code, the automatic setup will not work. Alternatively, you can carry out the following manual steps in the Oracle Authenticator app in your device:
- Tap the '+' button or click Add Account.
- Select Enter key manually and select the Account Type as Others.
- Mention the Account name and the alphanumeric string as the Key and select Save.
- Oracle Authenticator is now set up and it will start generating codes periodically. Enter the current code to continue logging into Password Manager Pro.
Troubleshooting Tip
As mentioned earlier, the Oracle Authenticator is associated with your Password Manager Pro account. If you ever lose your mobile device/tablet OR if you accidentally delete the Oracle Authenticator app on your device, you will still be able to get tokens to log into Password Manager Pro. In such scenarios,
- Click the link "Have trouble using Oracle Authenticator?" in the Password Manager Pro login screen.
- You will be prompted to enter your Password Manager Pro username and the email address associated with Password Manager Pro.
- You will receive instructions to get Oracle Authenticator again via the above mentioned Email.