Skip to main content

Enable Duo MFA (2FA) for EBS

About 3 min

Overview

This guide walks you through configuring Duo Multi-Factor Authentication (MFA/2FA) for Oracle E-Business Suite (EBS).

Prerequisite

Before proceeding, ensure you have the following:

Part I: Duo Configuration

Step 1: Sign in to Duo Admin Panel

  1. Log into the Duo Admin Panelopen in new windowLog Into DCMC

Step 2: Protect a New Web SDK Application

  1. Navigate to the Applications tab.

  2. Click Protect An Application. Oracle EBS MFA | Protect a New Application

  3. Search for Web SDK, then click Protect: Oracle EBS MFA | Protect a New Application

  4. Note the following values for later use: Client ID, Client secret, and API hostname. Oracle EBS MFA | Protect a New Application

  5. Click Save: Oracle EBS MFA | Protect a New Application

Part II: Datawiza Cloud Management Console (DCMC) Configuration

Step 1: Sign in to DCMC

  1. Log into the DCMCopen in new window. Log Into DCMC

Step 2: Create a New Deployment

  1. Navigate to the Deployments tab.
  2. Click + CREATE DEPLOYMENT.
  3. Enter a Name and Description, then click Create. Oracle EBS MFA | Create a New Deployment

Step 3: Add a New Application

  1. Go to the Applications tab and click Create Application. Oracle EBS MFA | Create an New Application

Configure your application with the following values:

  • App Type: WEB.
  • Name: Demo App.
  • Application URL: https://ebs.datawiza.net (replace with your own DNS name). This DNS name should match the Site Value setting in your EBS, on the Define Profile Values: Application Authenticate Agent page. The DNS name (e.g., ebs.datawiza.net) should resolve to the IP address of the Datawiza Access Proxy (DAP), or to the IP address of the load balancer or reverse proxy that sits in front of the DAP.
  • SSL: Enable SSL and use datawiza self-signed certificate.
  • Listen Port: 443.
  • Upstream Servers: Custom Upstream.
  • Custom Upstream Server Address: http://10.0.1.85:8000 (replace with the actual IP address or hostname of your EBS web server).
  • Click Next.

Oracle EBS MFA | Create an New Application

Step 4: Update Access Rules

  1. Go to the Rules tab.
  2. Edit the default access rule and set the Rule Type to Not Protected. Oracle EBS MFA | Edit Default RuleOracle EBS MFA | Set Rule Type to Not Protected

Step 5: Enable Datawiza MFA

  1. Navigate to the Advanced tab.
  2. Under Advanced Settings, select MFA, then click Create MFA Configuration. Oracle EBS MFA | Create MFA Configuration - Step 1
  3. Enter a name and select DUO as the provider, enter the Client ID, Client secret, and API hostname we noted down in previous step. Oracle EBS MFA | Create MFA Configuration - Step 2

Step 6: Generate Provisioning Keys

  1. Click on Deployment Detail. Oracle EBS MFA | Deployment Detail

  2. Select the Provisioning Keys tab, then click Create Provisioning Key. Oracle EBS MFA | Provisioning Keys

  3. Enter a key name and click Create. Oracle EBS MFA | Create Provisioning Key

  4. Save the PROVISIONING_KEY and PROVISIONING_SECRET. You'll use these in your deployment. Oracle EBS MFA | Provisioning Key Created

Step 7: Run the Datawiza Access Proxy (DAP)

  1. Go to the Quick Start tab.
  2. Follow Step 1 to install Docker and pull the DAP image.
  3. Follow Step 2 to generate a docker-compose.yaml using your provisioning keys and start the DAP container. Oracle EBS MFA | DAP Quick Start

Part III: Verify MFA (2FA) for Oracle EBS

  1. Open a browser and visit: https://ebs.datawiza.net/

  2. You'll be redirected to the EBS login page. Oracle EBS MFA | EBS Username Password

  3. After successful login, you'll be redirected to Duo MFA challenge page. Oracle EBS MFA | MFA Challenge

  4. After the user successfully completes MFA, they should be able to access Oracle EBS as usual. Oracle EBS MFA | JIT Enrollment Prompt

Copyright © 2024 Datawiza Technologies Inc