Skip to main content

Enable Datawiza MFA (2FA) for EBS

About 3 min

Overview

This guide walks you through configuring Datawiza Multi-Factor Authentication (MFA/2FA) for Oracle E-Business Suite (EBS).

Prerequisite

Before proceeding, ensure you have the following:

Part I: Datawiza Cloud Management Console (DCMC) Configuration

Step 1: Sign in to DCMC

  1. Log into the DCMCopen in new window.

Log Into DCMC

Step 2: Create a New Deployment

  1. Navigate to the Deployments tab.
  2. Click + CREATE DEPLOYMENT.
  3. Enter a Name and Description, then click Create.

Oracle EBS MFA | Create a New Deployment

Step 3: Add a New Application

  1. Go to the Applications tab and click Create Application.

Oracle EBS MFA | Create an New Application

Configure your application with the following values:

  • App Type: WEB.
  • Name: Demo App.
  • Application URL: https://ebs.datawiza.net (replace with your own DNS name). This DNS name should match the Site Value setting in your EBS, on the Define Profile Values: Application Authenticate Agent page. The DNS name (e.g., ebs.datawiza.net) should resolve to the IP address of the Datawiza Access Proxy (DAP), or to the IP address of the load balancer or reverse proxy that sits in front of the DAP.
  • SSL: Enable SSL and use datawiza self-signed certificate.
  • Listen Port: 443.
  • Upstream Servers: Custom Upstream.
  • Custom Upstream Server Address: http://10.0.1.85:8000 (replace with the actual IP address or hostname of your EBS web server).
  • Click Next.

Oracle EBS MFA | Create an New Application

Step 4: Update Access Rules

  1. Go to the Rules tab.
  2. Edit the default access rule and set the Rule Type to Not Protected. Oracle EBS MFA | Edit Default RuleOracle EBS MFA | Set Rule Type to Not Protected

Step 5: Enable Datawiza MFA

  1. Navigate to the Advanced tab.
  2. Under Advanced Settings, select MFA, then click Create MFA Configuration. Oracle EBS MFA | Create MFA Configuration - Step 1
  3. Enter a name and select DATAWIZA as the provider. Oracle EBS MFA | Create MFA Configuration - Step 2

Step 6: Generate Provisioning Keys

  1. Click on Deployment Detail. Oracle EBS MFA | Deployment Detail

  2. Select the Provisioning Keys tab, then click Create Provisioning Key. Oracle EBS MFA | Provisioning Keys

  3. Enter a key name and click Create. Oracle EBS MFA | Create Provisioning Key

  4. Save the PROVISIONING_KEY and PROVISIONING_SECRET. You'll use these in your deployment. Oracle EBS MFA | Provisioning Key Created

Step 7: Run the Datawiza Access Proxy (DAP)

  1. Go to the Quick Start tab.
  2. Follow Step 1 to install Docker and pull the DAP image.
  3. Follow Step 2 to generate a docker-compose.yaml using your provisioning keys and start the DAP container.

Oracle EBS MFA | DAP Quick Start

Part II: MFA User Configuration

Datawiza provides a user management interface for handling MFA users.

Step 1: Add a New MFA User Manually

Go to the Users tab and click + CREATE USER.

Provide the following details:

  • Username: johndoe (We use this user as the example)
  • Email: The user's email address for receiving setup instructions
  • Status: Active
  • Setup Authenticator: Enable "Automatically send an authenticator setup link via email"
  • Click Create.

Oracle EBS MFA | Add MFA User

Step 2: Complete MFA Enrollment

The user will receive an email with a QR code to scan with an authenticator app (e.g., Google Authenticator, Microsoft Authenticator). Oracle EBS MFA | MFA Setup Email

Step 3: (Optional) Enable JIT User Provisioning

To streamline the onboarding process, you can enable Just-In-Time (JIT) user provisioning, which automatically creates a user record the first time a user logs in.

Oracle EBS MFA | Enable JIT

Step 4 (Optional): Bulk Upload MFA Users via CSV

Instead of manually creating users one by one, you can bulk upload multiple users using a CSV file. Oracle EBS MFA | Upload CSV

CSV Format Example

usernameemailgroups
johndoejohndoe@datawiza.comhr
gilgil@datawiza.comeng
billbill@datawiza.com
  • username and email are required.
  • groups is optional.

Oracle EBS MFA | MFA User CSVOracle EBS MFA | Upload CSV

Authenticator Enrollment via CSV Upload

  • If the "Automatically send an authenticator setup link via email" option is enabled during the CSV upload:

    • Each user will receive a QR code via email.
    • Their Authenticator status will be set to Enrolled.
    • They will be prompted with the MFA challenge during login.

  • If the option is not enabled, users will have an Authenticator status of No Authenticator.

    • These users will be required to complete enrollment upon their first login to Oracle EBS.

Part III: Verify MFA (2FA) for Oracle EBS

  1. Open a browser and visit: https://ebs.datawiza.net/

  2. You'll be redirected to the EBS login page. Oracle EBS MFA | EBS Username Password

  3. After successful login, you'll be prompted with the Datawiza MFA challenge. Oracle EBS MFA | MFA Challenge If you enable the JIT user provisioning, newly authenticated users will see the enrollment page immediately after login: Oracle EBS MFA | JIT Enrollment Prompt

  4. After the user successfully completes MFA, they should be able to access Oracle EBS as usual. Oracle EBS MFA | JIT Enrollment Prompt

Copyright © 2024 Datawiza Technologies Inc