IBM Cloud Platform now adds support for Multi-Factor Authentication

In April 2018, IBM Cloud Platform added support for Multi-Factor Authentication (MFA). This adds an extra layer of security to users’ accounts by requiring all users to provide a time-based one-time passcode in addition to their standard IBMid and password when logging in. Having this option enables IT admins to rest a little easier knowing that they’re protecting their company’s network and workloads while keeping access flexible and easy.

How does it work?

The account owner can enable MFA on their account by going to the Manage > Security > Identity and Access > option from the header. Then selecting Settings tab to see authentication options for the account.

Please note that when MFA is enabled for the account, all users in the account are required to complete the MFA process next time they log in.

Once enabling multi-factor authentication for the account, users logging into the account will be asked to install an authenticator application like Google Authenticator or IBM Verify. If a user is a member to multiple accounts and at least one of those accounts is MFA-enabled, then the user must input MFA before logging into IBM Cloud.

Other Considerations:

MFA can be configured by the Account Owner on a per account basis and not on individual user IDs

Once MFA is enabled for the account, all users in the account are required to complete the MFA process next time they log in

MFA is not supported for federated users

API Keys for users and Service IDs will continue to work after MFA is enabled

Users of native CF CLI or UI login into CF must use API keys or SSO after MFA is enabled on the account

Linked Account users who previously configured IaaS IMS 2FA in the Control Portal should consider the following:
- MFA for your IBM Cloud account extends across the platform and infrastructure services for your linked account, so you might choose to disable the 2FA that applies only to infrastructure resources in your account in favor of the MFA setting option.
- If you are a federated user, MFA is not supported. Therefore, you might want to retain your 2FA for infrastructure only resources to ensure the security of your resources.

Reference Links:

Enabling multi-factor authentication – https://console.bluemix.net/docs/iam/mfa.html#enablemfa

Tags

Using advanced scan settings in the IBM Cloud Security and Compliance Center

5 min read - Customers and users want the ability to schedule scans at the timing of their choice and receive alerts when issues arise, and we’re happy to make a few announcements in this area today: Scan frequency: Until recently, the IBM Cloud® Security and Compliance Center would scan resources every 24 hours, by default, on all of the attachments in an account. With this release, users can continue to run daily scans—which is the recommended option—but they also have the option for…

Modernizing child support enforcement with IBM and AWS

7 min read - With 68% of child support enforcement (CSE) systems aging, most state agencies are currently modernizing them or preparing to modernize. More than 20% of families and children are supported by these systems, and with the current constituents of these systems becoming more consumer technology-centric, the use of antiquated technology systems is archaic and unsustainable. At this point, families expect state agencies to have a modern, efficient child support system. The following are some factors driving these states to pursue modernization:…

IBM Cloud Databases for Elasticsearch End of Life and pricing changes

2 min read - As part of our partnership with Elastic, IBM is announcing the release of a new version of IBM Cloud Databases for Elasticsearch. We are excited to bring you an enhanced offering of our enterprise-ready, fully managed Elasticsearch. Our partnership with Elastic means that we will be able to offer more, richer functionality and world-class levels of support. The release of version 7.17 of our managed database service will include support for additional functionality, including things like Role Based Access Control…

Connected products at the edge

6 min read - There are many overlapping business usage scenarios involving both the disciplines of the Internet of Things (IoT) and edge computing. But there is one very practical and promising use case that has been commonly deployed without many people thinking about it: connected products. This use case involves devices and equipment embedded with sensors, software and connectivity that exchange data with other products, operators or environments in real-time. In this blog post, we will look at the frequently overlooked phenomenon of…