Security Risks of Using Oracle Cloud WMS SSO Without MFA
Summary:
We have enabled SSO with MFA; however, users are currently able to bypass MFA by logging in with their email ID and IDCS password. When users select the “Login using SSO” option, they are correctly redirected through the MFA flow. However, if they choose the alternative login option and enter their email ID and IDCS password directly, they are able to access the system without MFA.
The customer has raised concerns about this potential MFA bypass and the associated security risks. We would like to understand how we can enforce SSO with MFA at all times and prevent users from logging in without MFA. If enforcing this is not possible, please advise on the security implications and potential risks of allowing such access.