Summary:
- PeopleSoft's Native Support: PeopleSoft, as of PeopleTools versions 8.5x and 8.6x, does not directly support two-factor authentication out-of-the-box.
- Reliance on External Systems: PeopleSoft relies on external security products like Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM) to provide MFA capabilities. These products can integrate with partner-supported two-factor authentication solutions.
- Signon PeopleCode Limitations: The Signon PeopleCode in PeopleSoft doesn't allow for direct interaction with the browser in a way that would enable a native MFA implementation. Therefore, any integration needs to be an "intercept" rather than a direct customization.
- External Token Servers: Solutions like RSA SecurID, which use tokens, require external time-based token key servers.
- Definition of MFA: The document clarifies that two-factor authentication generally involves "something you know" (like a password) and "something you have" (like a token or mobile app).
- Customization Caution: While Signon PeopleCode allows for custom authentication integrations, Oracle strongly advises against this due to potential security risks.
- Community Feedback: A link to an "Ideas Workspace" community post on the topic is provided, indicating user interest in this feature.
Key Information Explained:
- Two-Factor/Multi-Factor Authentication (MFA): A security measure that requires users to provide two or more verification factors to gain access to an application or system. This adds an extra layer of security beyond just a username and password.
- PeopleTools (PT): The development and runtime environment for PeopleSoft applications.
- Oracle Access Manager (OAM): Oracle's comprehensive access management solution that provides features like single sign-on (SSO), authentication, and authorization.
- Oracle Adaptive Access Manager (OAAM): Oracle's solution for risk-based authentication and fraud detection.
- Signon PeopleCode: PeopleCode that executes during the PeopleSoft sign-on process.
- RSA SecurID: A popular hardware token-based authentication system.
- Intercept: In this context, it means that the MFA solution needs to intercept the authentication process between the user and PeopleSoft, rather than being directly integrated into the application.
In essence, the document states that while PeopleSoft itself doesn't offer built-in MFA, it can be achieved by integrating with external security solutions from Oracle or other vendors.
https://docs.oracle.com/cd/E12530_01/oam.1014/e10356/people.htm