Applications

Expand all | Collapse all

Two-Factor Authentication for Oracle EBS iSupplier Portal

  • 1.  Two-Factor Authentication for Oracle EBS iSupplier Portal

    OATUG Star Partner
    Posted 08-11-2021 05:13 PM
    Edited by Andy Haack 08-11-2021 05:15 PM
    One of our customers would like to secure their iSupplier Portal with two factor authentication, e.g. an SMS to a mobile phone or a conformation code sent via email.
    A quick google search shows that there are various solutions on the market.
    Has anyone implemented this before and can share their experience or give a recommendation for a robust and easy to use solution?
    Thanks,
    Andy

    ------------------------------
    Andy Haack
    Managing Director
    Enginatics
    Küsnacht, Switzerland
    andy.haack@enginatics.com
    ------------------------------


  • 2.  RE: Two-Factor Authentication for Oracle EBS iSupplier Portal

    CO19 Speaker
    Posted 08-12-2021 07:29 AM
    Hi Andy,

    to my knowledge the only supported solution to achieve this is Oracle Acess Manager or Oracle Identity Cloud Service. Since both can get quite costly (license and effort for setup) for some customers we hacked other (usually pre-existing) SSO solutions (partially also including 2FA) into the EBS/iSupplier login-flow.

    Regards
    Johannes

    ------------------------------
    Johannes Michler
    Oracle ACE / Senior Principal Consultant
    PROMATIS Group
    Ettlingen
    (072) 4321790
    ------------------------------



  • 3.  RE: Two-Factor Authentication for Oracle EBS iSupplier Portal

    Posted 08-12-2021 08:49 AM

    Hi Andy,

     

    We reviewed several solutions:

     

    Solution 1) Traditional EBS SSO

     

    Requires licensing costs for Oracle Access Manager 11g (OAM) and Oracle Internet Directory 11g (OID) and for a minimum of 4 servers for the production tech stack only. 

     

    Users are replicated from Active Directory (AD) to OID to EBS.

     

    Solution 2) Oracle IDCS

     

    Requires licensing costs for IDS Suite which provides SSO features plus a whole lot of other options.  See https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/oracle-identity-cloud-service.html#GUID-BC4769EE-258A-4B53-AED5-6BA9888C8275

     

    Users are replicated from AD to IDCS.  You pay and admin two identity management products.

     

    Solution 3) Pythian Solution

     

    Non-Proprietary configuration solution to enable SAML-aware reverse proxy.

     

    Users are not replicated, so you pay for only one identity management product (AD).

     

    Summary

     

    We decided to try Pythian's solution because it was easier to administer and less costly.  The two-factor authentication will be handled by AD. 

     

    We have not yet started implementation, so I cannot comment on the outcome.  You may use me as a reference if you want to contact Pythian for more details.