Security
May 1, 2018 By Nancy Li 2 min read

IBM Cloud Platform now adds support for Multi-Factor Authentication

In April 2018, IBM Cloud Platform added support for Multi-Factor Authentication (MFA). This adds an extra layer of security to users’ accounts by requiring all users to provide a time-based one-time passcode in addition to their standard IBMid and password when logging in. Having this option enables IT admins to rest a little easier knowing that they’re protecting their company’s network and workloads while keeping access flexible and easy.

How does it work?

The account owner can enable MFA on their account by going to the Manage > Security > Identity and Access > option from the header.  Then selecting Settings tab to see authentication options for the account. 

Please note that when MFA is enabled for the account, all users in the account are required to complete the MFA process next time they log in.  

Once enabling multi-factor authentication for the account, users logging into the account will be asked to install an authenticator application like Google Authenticator or IBM Verify.  If a user is a member to multiple accounts and at least one of those accounts is MFA-enabled, then the user must input MFA before logging into IBM Cloud.

 

Other Considerations:

  • MFA can be configured by the Account Owner on a per account basis and not on individual user IDs

  • Once MFA is enabled for the account, all users in the account are required to complete the MFA process next time they log in

  • MFA is not supported for federated users

  • API Keys for users and Service IDs will continue to work after MFA is enabled

  • Users of native CF CLI or UI login into CF must use API keys or SSO after MFA is enabled on the account

  • Linked Account users who previously configured IaaS IMS 2FA in the Control Portal should consider the following:

    • MFA for your IBM Cloud account extends across the platform and infrastructure services for your linked account, so you might choose to disable the 2FA that applies only to infrastructure resources in your account in favor of the MFA setting option.

    • If you are a federated user, MFA is not supported. Therefore, you might want to retain your 2FA for infrastructure only resources to ensure the security of your resources.

Reference Links:

Was this article helpful?
YesNo
Nancy Li
None

More from Security
April 24, 2024

Data privacy examples

9 min read - An online retailer always gets users' explicit consent before sharing customer data with its partners. A navigation app anonymizes activity data before analyzing it for travel trends. A school asks parents to verify their identities before giving out student information. These are just some examples of how organizations support data privacy, the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate…

April 24, 2024

How to prevent prompt injection attacks

8 min read - Large language models (LLMs) may be the biggest technological breakthrough of the decade. They are also vulnerable to prompt injections, a significant security flaw with no apparent fix. As generative AI applications become increasingly ingrained in enterprise IT environments, organizations must find ways to combat this pernicious cyberattack. While researchers have not yet found a way to completely prevent prompt injections, there are ways of mitigating the risk.  What are prompt injection attacks, and why are they a problem? Prompt…

April 15, 2024

Building the human firewall: Navigating behavioral change in security awareness and culture

4 min read - The latest findings of the IBM X-Force® Threat Intelligence Index report highlight a shift in the tactics of attackers. Rather than using traditional hacking methods, there has been a significant 71% surge in attacks where criminals are exploiting valid credentials to infiltrate systems. Info stealers have seen a staggering 266% increase in their utilization, emphasizing their role in acquiring these credentials. Their objective is straightforward: exploit the path of least resistance, often through unsuspecting employees, to obtain valid credentials. Organizations…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters