Oracle Access Manager (OAM)

Oracle Access Manager (OAM) is Oracle’s self-hosted web access management and federation platform. It enforces SSO and policies via WebGates (reverse-proxy/agent pattern), issues SAML 2.0 assertions and OIDC/OAuth 2.0 tokens, and integrates with Oracle Advanced Authentication (OAA) for MFA and step-up access.

Key Capabilities

  • Standards-based federation (IdP/SP): Operates as a SAML 2.0 IdP or SP, with admin UI to create partners and export/import SAML metadata for trust establishment.

  • OAuth 2.0 / OpenID Connect provider: Exposes Authorization Code and related flows; OIDC adds ID tokens and discovery metadata. Admin guides cover OAuth domains, client registration, resource definitions, and resource-server setup.

  • Detached Credential Collector (DCC): Enables reverse-proxy login so credentials are collected at the edge while OAM provides centralized SSO services.

  • MFA and step-up via OAA: Integrates Oracle Advanced Authentication to enforce FIDO2/WebAuthn, push, OTP, and step-up rules during authentication and authorization.

Limitations

  • Provisioning scope: OAM focuses on access and federation; identity lifecycle and provisioning are handled by OIG. There is no confirmed native SCIM 2.0 provider in OAM itself.

  • Advanced OAuth profiles: Public materials emphasize core OAuth/OIDC; support for PAR, DPoP, mTLS/FAPI is not clearly documented.

  • Operational complexity: Because OAM is self-hosted, you operate the WebGates/agents, reverse proxies, certificates, HA, and upgrades yourself, and you tune WebLogic/OHS/OAM.
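Where vendor documentation is unclear on PAR, DPoP or mTLS, the discovery metadata of the deployment itself shows what the authorization server advertises. The following is an added example, not Oracle's or this page's code: the metadata document is constructed (not captured from OAM), `audit_profiles`, `fapi_style_gaps` and the `login.example.test` host are hypothetical, and the "FAPI-style" baseline it checks (PAR, PKCE S256, DPoP or mTLS-bound tokens) is an assumption of the example. Field names are those defined in RFC 8414, RFC 9126, RFC 9449 and RFC 8705.

```python
# Added example: audit an OAuth/OIDC discovery document for advanced-profile support.

SAMPLE_METADATA = {  # constructed sample, NOT output from a real OAM deployment
    "issuer": "https://login.example.test/oauth2",
    "authorization_endpoint": "https://login.example.test/oauth2/authorize",
    "token_endpoint": "https://login.example.test/oauth2/token",
    "response_types_supported": ["code"],
    "code_challenge_methods_supported": ["S256"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Client authentication methods registered by RFC 8705 (OAuth 2.0 mutual TLS).
MTLS_AUTH_METHODS = {"tls_client_auth", "self_signed_tls_client_auth"}


def audit_profiles(meta, expected_issuer):
    """Return {check: bool}, derived only from what the server advertises."""
    auth_methods = set(meta.get("token_endpoint_auth_methods_supported", []))
    return {
        # Discovery requires the issuer value to match the URL it was fetched for.
        "issuer_matches": meta.get("issuer") == expected_issuer,
        "par": "pushed_authorization_request_endpoint" in meta,
        "par_required": meta.get("require_pushed_authorization_requests") is True,
        "dpop": bool(meta.get("dpop_signing_alg_values_supported")),
        "mtls_client_auth": bool(auth_methods & MTLS_AUTH_METHODS),
        "mtls_bound_tokens": meta.get("tls_client_certificate_bound_access_tokens") is True,
        "pkce_s256": "S256" in meta.get("code_challenge_methods_supported", []),
        "unsigned_id_tokens": "none" in meta.get("id_token_signing_alg_values_supported", []),
    }


def fapi_style_gaps(report):
    """List what is missing for the baseline assumed by this example."""
    gaps = []
    if not report["issuer_matches"]:
        gaps.append("issuer_mismatch")
    if not report["par"]:
        gaps.append("par")
    if not report["pkce_s256"]:
        gaps.append("pkce_s256")
    if not (report["dpop"] or report["mtls_bound_tokens"]):
        gaps.append("sender_constrained_tokens")
    if report["unsigned_id_tokens"]:
        gaps.append("alg_none_advertised")
    return gaps
```

A feature missing from the metadata means only that it is not advertised; confirm against the deployed version's documentation and a test client before treating it as unsupported.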

Legacy references: Some older docs mention OpenID 2.0; for modern interoperability, rely on SAML 2.0 and OIDC capabilities.
