Identity domains should have an active sign-on policy that enforces MFA for OCI console access

Description

Multi-factor authentication (MFA) is an essential security control that requires users to provide additional verification beyond passwords. Identity domains should have an active console sign-on policy that enforces MFA for all users to protect against credential-based attacks and unauthorized access. Appropriate sign-on policies should be configured for each identity domain to ensure comprehensive protection across your tenancy. If necessary, the “Exclude users” setting in a sign-on policy rule can be used to exclude “break glass” type emergency access user accounts from MFA requirements.

Remediation

In identity domain policy settings, update either Security Policy for OCI Console or Default Sign-On Policy, and ensure that the policy has the following settings configured:

  • Policy Status is Activated
  • At least one policy rule has Action set to Allow access and Prompt for an additional factor is enabled

Note: Factor settings can be configured to Any factor or Specified factors only as appropriate.

For further guidance on configuring sign-on policies and MFA in OCI Identity Domains, see the Managing Sign-On Policies section of the Oracle Cloud Infrastructure Documentation.
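
The two remediation settings can be checked for every identity domain in a tenancy. The following is an added example, not code from Oracle or from the original page; the dictionary layout (`policies`, `status`, `rules`, `action`, `prompt_additional_factor`, `excluded_users`) is a simplified, hypothetical export format rather than the OCI API schema, and the sample tenancy is constructed.

```python
# Added example. The dict layout is a simplified, hypothetical export, not the OCI API schema.
CONSOLE_POLICIES = {"Security Policy for OCI Console", "Default Sign-On Policy"}

def rule_enforces_mfa(rule):
    """A rule counts only if it allows access AND prompts for an additional factor."""
    return rule.get("action") == "Allow access" and rule.get("prompt_additional_factor") is True

def evaluate_domain(domain):
    """Check one identity domain against both remediation settings."""
    findings, excluded, compliant = [], set(), False
    policies = [p for p in domain.get("policies", []) if p.get("name") in CONSOLE_POLICIES]
    if not policies:
        findings.append("no console sign-on policy found")
    for policy in policies:
        if policy.get("status") != "Activated":
            findings.append(f"{policy['name']}: Policy Status is not Activated")
            continue
        mfa_rules = [r for r in policy.get("rules", []) if rule_enforces_mfa(r)]
        if not mfa_rules:
            findings.append(f"{policy['name']}: no Allow access rule prompts for an additional factor")
            continue
        compliant = True
        for rule in mfa_rules:
            # Excluded users are exempt from the MFA prompt; surface them for review.
            excluded.update(rule.get("excluded_users", []))
    return {"domain": domain["name"], "compliant": compliant,
            "findings": findings, "excluded_users": sorted(excluded)}

def mfa_rule(prompt, excluded=()):
    """Build a constructed sample rule in the hypothetical layout."""
    return {"action": "Allow access", "prompt_additional_factor": prompt,
            "excluded_users": list(excluded)}

# Constructed sample tenancy: one compliant domain, two failing ones.
SAMPLE_TENANCY = [
    {"name": "Default", "policies": [{"name": "Security Policy for OCI Console",
        "status": "Activated", "rules": [mfa_rule(True, ["breakglass-admin"])]}]},
    {"name": "Dev", "policies": [{"name": "Default Sign-On Policy",
        "status": "Activated", "rules": [mfa_rule(False)]}]},
    {"name": "Partners", "policies": [{"name": "Security Policy for OCI Console",
        "status": "Deactivated", "rules": [mfa_rule(True)]}]},
]

if __name__ == "__main__":
    for result in map(evaluate_domain, SAMPLE_TENANCY):
        print(result)
```

The `excluded_users` list in each result is worth reviewing on its own, since it should contain only the intended emergency access accounts.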