
Enable Datawiza MFA (2FA) for Oracle Access Manager


Overview

This guide walks you through configuring Datawiza Multi-Factor Authentication (MFA/2FA) for Oracle Access Manager (OAM). Learn more about configuring Datawiza Multi-Factor Authentication.

Prerequisite

Before proceeding, ensure you have the following:

Part I: Datawiza Cloud Management Console (DCMC) Configuration

Step 1: Sign in to DCMC

  1. Log into the DCMC.

Step 2: Create a New Deployment

  1. Navigate to the Deployments tab.
  2. Click + CREATE DEPLOYMENT.
  3. Enter a Name and Description, then click Create.


Step 3: Add a New Application

  1. Go to the Applications tab and click Create Application.


Configure your application with the following values:

  • App Type: WEB.
  • Name: Demo App.
  • Application URL: https://oam.datawiza.net (replace with your own DNS name). The DNS name (e.g., oam.datawiza.net) should resolve to the IP address of the Datawiza Access Proxy (DAP), or to the IP address of the load balancer or reverse proxy that sits in front of the DAP.
  • SSL: Enable SSL and use the Datawiza self-signed certificate.
  • Listen Port: 443.
  • Upstream Servers: Custom Upstream.
  • Custom Upstream Server Address: http://10.0.1.85:8000 (replace with the actual IP address or hostname of your OAM web server).
  • Click Next.


Step 4: Update Access Rules

  1. Go to the Rules tab.
  2. Edit the default access rule and set the Rule Type to Auth Not Required.

Step 5: Enable Datawiza MFA

  1. Navigate to the Advanced tab.
  2. Under Advanced Settings, select MFA, then click Create MFA Configuration.
  3. Enter a name and select DATAWIZA as the provider.

Step 6: Generate Provisioning Keys

  1. Click on Deployment Detail.
  2. Select the Provisioning Keys tab, then click Create Provisioning Key.
  3. Enter a key name and click Create.
  4. Save the PROVISIONING_KEY and PROVISIONING_SECRET. You'll use these in your deployment.

Step 7: Run the Datawiza Access Proxy (DAP)

  1. Go to the Quick Start tab.
  2. Follow Step 1 to install Docker and pull the DAP image.
  3. Follow Step 2 to generate a docker-compose.yaml using your provisioning keys and start the DAP container.


Part II: MFA User Configuration

Datawiza provides a user management interface for handling MFA users.

Step 1: Add a New MFA User Manually

Go to the Users tab and click + CREATE USER.

Provide the following details:

  • Username: johndoe (used as the example user throughout this guide)
  • Status: Active
  • Setup Authentication Methods:
    • You may enable Authenticator, Email OTP, or both.
    • You may also leave this section blank. In that case, the user will select a method during their next login.
  • Click Create.


Step 2: Complete MFA Enrollment

If Authenticator is enabled

The user will receive an email containing a setup link. This link guides them through configuring an authenticator app such as Google Authenticator or Microsoft Authenticator.

If Email OTP is enabled

The user will receive a one-time password (OTP) via email at their next login.

Step 3: (Optional) Enable JIT User Provisioning

To streamline the onboarding process, you can enable Just-In-Time (JIT) user provisioning, which automatically creates a user record the first time a user logs in.


Step 4 (Optional): Bulk Upload MFA Users via CSV

Instead of manually creating users one by one, you can bulk upload multiple users using a CSV file.

CSV Format Example

username,email,contactemail,groups
johndoe,johndoe@datawiza.com,johndoe@datawiza.com,hr
gil,gil@datawiza.com,gil@datawiza.com,eng
bill,bill@datawiza.com,bill@datawiza.com,

  • username is required and must be unique.
  • email, contactemail, and groups are optional.
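To catch a rejected upload before it happens, the following added example (not part of Datawiza's documentation or product code) builds and validates a bulk-upload CSV against the two rules stated above: the fixed header order, and a required, unique username with the remaining columns optional. The validation rules and the sample rows are taken from this guide; the function names are the example's own.

```python
import csv
import io

# Column order given by the guide's CSV Format Example.
HEADER = ["username", "email", "contactemail", "groups"]


def validate_rows(rows):
    """Return a list of problems (empty list means the rows are upload-ready)."""
    problems, seen = [], set()
    for i, row in enumerate(rows, start=1):
        username = (row.get("username") or "").strip()
        if not username:
            problems.append(f"row {i}: username is required")
            continue
        if username in seen:  # usernames must be unique
            problems.append(f"row {i}: duplicate username {username!r}")
        seen.add(username)
        unknown = set(row) - set(HEADER)
        if unknown:
            problems.append(f"row {i}: unexpected column(s) {sorted(unknown)}")
    return problems


def build_csv(rows):
    """Render rows as CSV text in the guide's column order; raise on bad input."""
    problems = validate_rows(rows)
    if problems:
        raise ValueError("; ".join(problems))
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=HEADER, restval="", lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: (row.get(k) or "").strip() for k in HEADER})
    return buf.getvalue()


def check_csv_text(text):
    """Validate an existing CSV file's header and rows before uploading it."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != HEADER:
        return [f"header must be {','.join(HEADER)}, got {reader.fieldnames}"]
    return validate_rows(list(reader))


# Constructed sample mirroring the guide's three rows; bill has no group.
SAMPLE_USERS = [
    {"username": "johndoe", "email": "johndoe@datawiza.com", "contactemail": "johndoe@datawiza.com", "groups": "hr"},
    {"username": "gil", "email": "gil@datawiza.com", "contactemail": "gil@datawiza.com", "groups": "eng"},
    {"username": "bill", "email": "bill@datawiza.com", "contactemail": "bill@datawiza.com"},
]
```

Run `check_csv_text()` over a file you exported from another directory to find duplicate or blank usernames before the console rejects the upload.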


Enrollment via CSV Upload

  • If the "Automatically send an authenticator setup link via email" option is enabled during the CSV upload:
    • Each user will receive an email with a setup link.
  • If the user has a contactemail specified in the CSV:
    • The user will receive an OTP email and will be required to verify the OTP during their next login to OAM.

Part III: Verify MFA (2FA) for OAM

  1. Open a browser and visit: https://oam.datawiza.net/
  2. You'll be redirected to the OAM login page.
  3. After a successful login, if the user already has an MFA method configured (Authenticator or Email OTP), they will be prompted with the Datawiza MFA challenge.
  4. If the user has multiple MFA methods, they will be shown the method selection screen and can choose any method to verify.
  5. After the user successfully completes MFA, they should be able to access OAM as usual.

If you enable JIT user provisioning, newly authenticated users who do not yet have any MFA method configured will see the method selection page immediately after logging in. They must choose one MFA method to enroll:

Enroll via Authenticator

  • Scan the QR code with an authenticator app.
  • Enter the generated verification code.

Enroll via Email OTP

  • Enter an email address.
  • An OTP will be sent to the entered email.
  • Enter the OTP to complete enrollment.