In order to authenticate users in an Oracle APEX application, you can use the built-in authentication feature, which allows you to define a login page and specify the authentication method you want to use.
Oracle APEX provides various options for authenticating users securely to access the application.
Types of Authentication in Oracle APEX.
Select how this authentication scheme will be applied. The following built-in types are supported (they can be extended using plug-ins):
Open Door Credentials – This enables anyone to access your application using a login page that captures a user name.
Oracle APEX Accounts – Oracle APEX Account Credentials are internal user accounts (also known as “cookie user” accounts) that are created within and managed in the Oracle APEX user repository. When you use this method, your application is authenticated against these accounts.
Database Accounts – This authentication scheme requires that a database user (schema) exists in the local database. When using this method, the user name and password of the database account is used to authenticate the user.
LDAP Directory – Authentication of user/password with an authentication request to an LDAP server.
No Authentication (Using DAD) – Adopts the current database user.
Oracle Application Server Single Sign-On – This delegates authentication to the Oracle AS Single Sign-On (SSO) server. To use this authentication scheme, your site must be registered as a mod_osso partner application with the SSO server, and PL/SQL SSO SDK must be installed in the database.
Custom – Enables you to create a custom authentication scheme from scratch, giving you complete control over your authentication interface.
HTTP Header Variable – Authenticate externally, where the username is stored in an HTTP header variable set by the web server.
SAML Sign-In – Supports authentication with a SAML2 identity irovider. Instance administrators must first enable this authentication scheme and enter configuration parameters.
Social Sign-In – Supports authentication with Google, Facebook, generic OpenID Connect, and generic OAuth2 identity providers.