Oracle Adaptive Access Manager – Strong Authentication Overview

Virtual Keyborad from entrust

While accessing my Bank Account (Indian bank ICICI) over Internet,  I noticed Virtual Key Board from Entrustto enter password (good feature but what if by mistake (via phishing email) I land on Phishing Website (duplicate fake ICICI website) with fake Virtual Key Board).

     I wish I could configure virtual keyboard on my ICICI bank website to identify that I am on genuine website with genuine Virtual Keypad. 
  Is this option available in virtual keypad/keyboard from Entrust ? Well… I started hunting for such a product from Oracle’s rich Identity Management Suite and after two days of extensive research I found Bharosa (Trust) now called as Oracle Adaptive Access Manager.

 I looked at Oracle’s Virtual Keyboard device and found feature I was behind (something I can configure with my password and can recognize later that Virtual key board belong to me)

Virtual Keyboard Oracle

Did you notice background on keyboard and word “nice cars” on bottom right ?? 
What is significance of background and word in Virtual Keyboard ?? 

                        Yes, background & keyword on bottom right are configurable option which can help you to identify if Website where you are going to enter your bank details (including virtual key board) is right or not.

 Oracle Adaptive Access Manager is NOT limited to Strong Authentication, there is one more product called Adaptive Risk Manager (I am going to cover on Adaptive Risk Manager later).


Overview of Oracle Adaptive Access Manager

  • Two Component of Oracle Adaptive Access Manager
    Oracle Adaptive Strong Authenticator
    Oracle Adaptive Risk Manager
  • Adaptive Access Manager is product from company called Bharosa (founded in 2003)acquired by Oracle in Oct 2007.
  • Bharosa is hindi word meaning Trust
  • Other vendors in Strong Authentication are RSA (EMC) and Entrust
  • Two components of Oracle Adaptive Access Manager (Strong Authenticator and Risk Manager) can be implemented independently.
  • OAAM (Oracle Adaptive Access Manager) is under Oracle Identity Management suite which is part of Oracle Fusion Middleware Family.  


Various Tools/Devices for Strong Authentication

i) KeyPad– virtual keyboard for passwords, credit card number…Protect against Trojan or key board logging
ii) CheckPad or DocPad – Extra check to view sensitive information
iii) Slider(For Mission Critical Applications) – can protect against mouse logging, screen scaping, over-the-shoulder snoop, camera snoop
iv) TextPad – personalized device for entering PIN

You can find Oracle Adaptive Access Manager Documentation here

More on Oracle Adaptive Access Manager including Online & Offline Adaptive Risk Manager coming soon …

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

rajesh.chaware says February 14, 2009

Thanks, Atul.

Good contents. It would be great if you could add OAAM process flow architecture with steps explained.



rajesh.chaware says February 14, 2009

Hi, Atul.

Can you please let me know if OIF_SP does not have federated user’s data in it’s repository, what are the steps to get attributes in SAML 2.0 mapped to the users data in IdM store at OIF_SP? If it is at all required to have federated users’ data in OIF_SP IdM store then how it is created and used in federation scenario? Pl. let me know, it’s very urgent.



msmitechy says June 12, 2012

I am looking for a OAAM expert in the US, if there is anyone interested consulting please let me know

contact me on

David Richardson says August 7, 2012

Is this for the MDEE job…:)

siva pokuri says February 5, 2014

Hi Atul,

Nice Post.

Quick Question: Most of the clients they prefer to use pass phrases as their password which includes spaces in password. Is it possible to include space bar in virtual key pad?


Siva Pokuri.

Add Your Reply