Announcement: Multi-Factor Authentication is now available!
  • IBM Cloud Platform
  • Sydney
    United Kingdom
    US East
    US South
  • Description
    IBM Cloud Platform has added support for Multi-Factor Authentication (MFA). This functionality adds an extra layer of security to your accounts. It requires that all users provide a time-based, one-time passcode to log into the platform in addition to their standard IBMid and password. Having this option enables IT administrators to rest a little easier knowing that they are protecting their company’s network and workloads while keeping access flexible and easy.

    How does it work?
    The account owner can enable MFA in their IBM Cloud account using these steps:
    1. Click Manage > Security > Identity and Access in the IBM Cloud Console.
    2. Click Settings under the Identity & Access menu on the left side to see the authentication options for the account.
    After you enable multi-factor authentication for the account, users that log into the account will be asked to install an authentication application like Google Authenticator or IBM Verify. If a user is a member of multiple accounts and at least one of those accounts is MFA-enabled, then the user must input MFA before logging into IBM Cloud.

    Other Considerations:
    • The Account Owner can configure MFA on a per account basis and not based on individual user IDs.
    • After MFA is enabled for the account, all users in the account are required to complete the MFA process next time they log in.
    • MFA is not supported for federated users.
    • API Keys for users and Service IDs will continue to work after MFA is enabled.
    • Users of the native Cloud Foundry command-line interface or user interface who login into Cloud Foundry must use API keys or SSO after MFA is enabled on the account.
    • Linked account users who previously configured IaaS IMS 2FA in the Control Portal should consider the following information:
      • MFA for your IBM Cloud account extends across the platform and infrastructure services for your linked account. Thus, you might choose to disable the 2FA that applies only to infrastructure resources in your account in favor of the MFA setting option.
      • If you are a federated user, MFA is not supported. Therefore, you might want to retain your 2FA for infrastructure only resources to ensure the security of your resources.
    For more information, see the Enabling multi-factor authentication documentation.

    This information originated in the IBM Cloud Platform now adds support for Multi-Factor Authentication article within the IBM Cloud platform blog.