March 12, 2019 By Ben Lopez
Martin Smolny
Michelle Kaufman
2 min read

Multifactor authentication for IBM Cloud users

We are excited to deliver a highly requested feature to our IBM Cloud account owners that supports multifactor authentication (MFA) for federated IDs. A user with a federated ID can log in by using their corporate or enterprise single sign-on (SSO) ID. The enhanced MFA functionality now allows account owners or users with the administrator role on the billing account management service to enable MFA for all users in the account, whether they have a federated or non-federated ID.

For those unfamiliar with MFA, it is also known as two-factor authentication. It adds an extra layer of security to the login process by requiring a user to provide a time-based, one-time passcode (TOTP) that is set up using an authenticator app in addition to their standard ID and password. To put it simply, MFA support strengthens security by preventing unauthorized account access and protecting your data.

What you need to know about enabling MFA

While this is exciting news, there are a few things all account owners and billing service administrators should know prior to enabling MFA for their users for the first time:

  • When MFA is enabled, users need an authenticator app. We will walk users through how to get the authenticator app on a smartphone device via our UI when they log in. 
  • Any user without an authenticator app won’t be able to log in because after MFA is turned on, every user is required to provide their passcode the next time they log in.
  • If you require MFA for your account and you have users in your account that do not have an IBMid, you must enable one of the other MFA options for that user from their User details page in the IBM Cloud console. For more information, see Types of MFA.
  • If you are using CLI, you must use API keys or SSO after MFA is enabled for the account.

Before you turn on MFA, we recommend alerting all IBM Cloud users of the upcoming change and providing instructions for configuring the authenticator smartphone app. These two practices will help prepare your users for the change and prevent any login delays when you enable MFA. See below for a step-by-step walkthrough:

Spread the news

We are ready when you are. Spread the news to your users and head to the IAM Settings page to take the next step towards stronger security and better flexibility with MFA. For more information on the step-by-step process, check out the documentation. Feel free to use the feedback button located on every page in IBM Cloud to provide feedback. Good or bad, we are listening. Lastly, we welcome you to join us on your hybrid and multicloud journey, and we look forward to constantly improving your experience with IBM Cloud.

Was this article helpful?

More from Cloud

The history of the central processing unit (CPU)

10 min read - The central processing unit (CPU) is the computer’s brain. It handles the assignment and processing of tasks, in addition to functions that make a computer run. There’s no way to overstate the importance of the CPU to computing. Virtually all computer systems contain, at the least, some type of basic CPU. Regardless of whether they’re used in personal computers (PCs), laptops, tablets, smartphones or even in supercomputers whose output is so strong it must be measured in floating-point operations per…

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters