View Only
  • 1.  Two-Factor Authentication for Oracle EBS iSupplier Portal

    OATUG Star Partner
    Posted 08-11-2021 05:13 PM
    Edited by Andy Haack 08-11-2021 05:15 PM
    One of our customers would like to secure their iSupplier Portal with two factor authentication, e.g. an SMS to a mobile phone or a conformation code sent via email.
    A quick google search shows that there are various solutions on the market.
    Has anyone implemented this before and can share their experience or give a recommendation for a robust and easy to use solution?

    Andy Haack
    Managing Director
    Küsnacht, Switzerland

  • 2.  RE: Two-Factor Authentication for Oracle EBS iSupplier Portal

    CO19 Speaker
    Posted 08-12-2021 07:29 AM
    Hi Andy,

    to my knowledge the only supported solution to achieve this is Oracle Acess Manager or Oracle Identity Cloud Service. Since both can get quite costly (license and effort for setup) for some customers we hacked other (usually pre-existing) SSO solutions (partially also including 2FA) into the EBS/iSupplier login-flow.


    Johannes Michler
    Oracle ACE / Senior Principal Consultant
    PROMATIS Group
    (072) 4321790

  • 3.  RE: Two-Factor Authentication for Oracle EBS iSupplier Portal

    Posted 08-12-2021 08:49 AM

    Hi Andy,


    We reviewed several solutions:


    Solution 1) Traditional EBS SSO


    Requires licensing costs for Oracle Access Manager 11g (OAM) and Oracle Internet Directory 11g (OID) and for a minimum of 4 servers for the production tech stack only. 


    Users are replicated from Active Directory (AD) to OID to EBS.


    Solution 2) Oracle IDCS


    Requires licensing costs for IDS Suite which provides SSO features plus a whole lot of other options.  See


    Users are replicated from AD to IDCS.  You pay and admin two identity management products.


    Solution 3) Pythian Solution


    Non-Proprietary configuration solution to enable SAML-aware reverse proxy.


    Users are not replicated, so you pay for only one identity management product (AD).




    We decided to try Pythian's solution because it was easier to administer and less costly.  The two-factor authentication will be handled by AD. 


    We have not yet started implementation, so I cannot comment on the outcome.  You may use me as a reference if you want to contact Pythian for more details.