
[Oracle Fusion Apps with MFA-auth] How to Automate Dataflows to Power BI, Tableau, Fabric, or ADF Securely using BI Connector with JWT Authentication?

In recent times, most organizations using Oracle Fusion have enabled MFA for their Oracle Fusion environments. For new customers, Oracle is enabling MFA by default for all users.

MFA requires constant user interaction, such as entering a unique passcode for every sign-in or approving a push notification, which defeats the purpose of automation. As a result, dataflow automation runs into roadblocks.

This scenario puts organizations at a crossroads, choosing between smooth operations and data security. On one hand, dataflow automation from Oracle Fusion is crucial for day-to-day business operations, from ensuring the survival of the business to comfortably achieving revenue and growth goals. On the other hand, consistently improving data security is unavoidable given the rise in cybersecurity threats.

JWT (JSON Web Token) authentication offers a clear way forward for organizations at this crossroads. Instead of relying on interactive user prompts, JWT uses a signed token backed by a cryptographic key pair. This means BI Connector can continue accessing Oracle data automatically, even in MFA-enabled environments.

BI Connector enables organizations to seamlessly integrate Oracle Fusion Cloud Applications with preferred reporting and analytics tools like Power BI and Tableau, or with ETL/Data Warehouse platforms.

Why JWT Authentication?

JWT (JSON Web Token) is a compact, self-contained token format that allows two parties to securely exchange information. It is an open industry standard (RFC 7519), widely adopted across cloud platforms, APIs, and modern authentication frameworks.

So how does it work? Instead of sending a username and password, the client creates a digitally signed token using a private key. The server then verifies the signature using the corresponding public certificate. If the signature is valid, the server grants access. 

More importantly, Oracle Fusion Cloud Applications support JWT as an authentication mechanism for both REST and SOAP API access. This makes it a natural fit for using BI Connector with MFA-enabled Oracle Fusion Cloud environments.

Structure of a JWT Token

Before we dive into the setup, let’s quickly understand what a JWT token looks like. It is made up of three parts:

Header: This contains metadata about the token. For example, the signing algorithm, token type, and a certificate fingerprint that tells the server which public certificate to use for verification.

Payload: This contains the claims. In other words, these are key-value pairs that carry information like who issued the token, who it’s for, when it was issued, and when it expires.

Signature: The header and payload are encoded and signed using the private key. The server then uses this signature to verify that the token is authentic and hasn’t been tampered with.

How to Set Up JWT Authentication for Oracle Fusion Cloud Applications?

The JWT authentication setup for Oracle Fusion Cloud Applications involves three steps:

1. Generate a Key Pair: Using OpenSSL, you generate a private key and a public certificate. The private key is used by BI Connector to sign JWT tokens. The public certificate gets uploaded to both Oracle Fusion Security Console and the OCI Identity Domain for token verification.

2. Register in Oracle Fusion Security Console: You create an API Authentication Provider with a Trusted Issuer name and upload the public certificate. This tells Oracle Fusion to recognize and trust JWT tokens signed by your private key.

3. Create OAuth Confidential Application in OCI Identity Domain: You create a Confidential Application with JWT Assertion as the grant type, upload the same public certificate, and receive a Client ID, Client Secret, Scope, and Key Alias. These are the credentials BI Connector needs to authenticate.

For more detailed steps, please refer to the article "How to Set Up JWT Authentication for Oracle Fusion Cloud Applications?".
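As an added example (not BI Connector's or Oracle's code), the script below generates a throwaway key pair with OpenSSL as in step 1, builds a token with the header, payload and signature parts described under "Structure of a JWT Token", and verifies it against the public certificate the way a server would. The issuer, audience, certificate subject and five-minute lifetime are constructed placeholders; the values Oracle expects come from your own setup.

```shell
#!/usr/bin/env bash
# Added example. Issuer, audience and subject values are constructed placeholders.
set -euo pipefail

# base64url without padding, the encoding used for each JWT part (RFC 7515)
b64url() { openssl base64 -A | tr -d '=' | tr '/+' '_-'; }

# make_keypair DIR: private key (stays with the signer) + self-signed X.509 cert (uploaded)
make_keypair() {
  ( umask 077   # keep the private key readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -subj "/CN=example-jwt-issuer" \
      -keyout "$1/private.pem" -out "$1/cert.pem" 2>/dev/null )
}

# x5t CERT: certificate fingerprint = base64url(SHA-1 of the DER-encoded certificate)
x5t() { openssl x509 -in "$1" -outform DER | openssl dgst -sha1 -binary | b64url; }

# make_jwt KEY CERT: prints header.payload.signature, signed with RS256
make_jwt() {
  local now header payload input sig
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$(x5t "$2")" | b64url)
  payload=$(printf '{"iss":"example-issuer","aud":"example-audience","iat":%d,"exp":%d}' \
    "$now" "$((now + 300))" | b64url)
  input="$header.$payload"
  sig=$(printf '%s' "$input" | openssl dgst -sha256 -sign "$1" -binary | b64url)
  printf '%s.%s' "$input" "$sig"
}

# verify_jwt TOKEN CERT: returns 0 only if the signature matches the certificate's public key
verify_jwt() {
  local input=${1%.*} sig=${1##*.} tmp rc=0
  tmp=$(mktemp -d)
  sig="$sig$(printf '%*s' $(( (4 - ${#sig} % 4) % 4 )) '' | tr ' ' '=')"  # restore padding
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp/sig.bin"
  openssl x509 -in "$2" -pubkey -noout > "$tmp/pub.pem"
  printf '%s' "$input" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" >/dev/null 2>&1 || rc=1
  rm -rf "$tmp"
  return "$rc"
}

dir=$(mktemp -d)
make_keypair "$dir"
token=$(make_jwt "$dir/private.pem" "$dir/cert.pem")
verify_jwt "$token" "$dir/cert.pem" && echo "signature verified"
```

Only `cert.pem` is uploaded for verification; `private.pem` stays with the client that signs tokens.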

What’s Next?

Once you’ve generated the key pair, registered the authentication provider, and configured the OAuth application, you’re done with the Oracle side of things.

From here, BI Connector takes over. It uses the credentials from the setup to generate signed JWT tokens internally, authenticate with Oracle Fusion Cloud, and retrieve data, all automatically.

Whether you’re refreshing Power BI dashboards, pulling data into Tableau, loading into Fabric, or running ADF pipelines, the experience remains seamless, just as it was with Basic Auth.

For more details, please refer to the article "How to Connect BI Connector to Oracle Fusion Cloud Using JWT Authentication?".

Final Thoughts

Setting up JWT authentication for MFA-enabled Oracle Fusion Cloud Applications is a one-time effort that provides long-term benefits. Once configured, it enables a more secure, seamless integration and automated data flow from the Oracle environment to reporting and analytics platforms via BI Connector.


Frequently Asked Questions

What is JWT authentication for Oracle Fusion Cloud?

JWT (JSON Web Token) is a token-based authentication method that uses a signed token instead of a username and password. It allows BI Connector to securely access Oracle Fusion Cloud APIs without requiring interactive login or MFA prompts.

Does JWT authentication work with MFA-enabled Oracle environments?

Yes. JWT authentication works with MFA-enabled Oracle Fusion environments, and is extremely useful for integrations involving automated dataflows. Because it uses a cryptographic key pair for signing and verification, it is more secure. For connecting Power BI, Tableau, ADF, or Fabric to your MFA-enabled Oracle Fusion pods, BI Connector works seamlessly with JWT authentication.

What credentials are needed to configure BI Connector with JWT?

You will need the following: Client ID, Client Secret, Scope, Key Alias, Private Key, Token Fingerprint (x5t), and Oracle Fusion Cloud username. Here are the steps to set them up as a one-time effort.

Where can I find the Domain URL?

Log in to the OCI Identity Domain, navigate to Identity & Security → Domains, and select your identity domain. The Domain URL is listed on the domain details page.

What type of certificate is required for the JWT authentication setup?

An X.509 certificate is required. Both the Oracle Fusion Security Console and OCI Identity Domain only accept X.509 certificates for JWT token verification. SSH key pairs are not supported.


© 2026 Guidanz