Identity domains should have an active sign-on policy that enforces MFA for OCI console access

Description

Multi-factor authentication (MFA) is an essential security control that requires users to provide additional verification beyond passwords. Identity domains should have an active console sign-on policy that enforces MFA for all users to protect against credential-based attacks and unauthorized access. Appropriate sign-on policies should be configured for each identity domain to ensure comprehensive protection across your tenancy. If necessary, the “Exclude users” setting in a sign-on policy rule can be used to exclude “break glass” type emergency access user accounts from MFA requirements.

Remediation

In identity domain policy settings, update either Security Policy for OCI Console or Default Sign-On Policy, and ensure that the policy has the following settings configured:

  • Policy Status is Activated
  • At least one policy rule has Action set to Allow access and Prompt for an additional factor is enabled

Note: Factor settings can be configured to Any factor or Specified factors only as appropriate.
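
The two settings above can be checked per identity domain as follows. This is an added example, not code from this page or from Oracle: the dictionaries are a constructed, simplified representation of sign-on policies with hypothetical field names, not the OCI Identity Domains API schema. It also lists any users excluded from an MFA rule so they can be confirmed as break-glass accounts.

```python
# Constructed sample data. The field names are a simplified, hypothetical
# representation and are NOT the OCI Identity Domains API schema.
CONSOLE_POLICIES = {"Security Policy for OCI Console", "Default Sign-On Policy"}

SAMPLE_DOMAINS = [
    {"name": "Default", "policies": [{
        "name": "Security Policy for OCI Console", "status": "Activated",
        "rules": [{"action": "Allow access", "prompt_additional_factor": True,
                   "exclude_users": ["breakglass-admin"]}]}]},
    {"name": "Dev", "policies": [{
        "name": "Default Sign-On Policy", "status": "Activated",
        "rules": [{"action": "Allow access", "prompt_additional_factor": False}]}]},
    {"name": "Test", "policies": [{
        "name": "Security Policy for OCI Console", "status": "Deactivated",
        "rules": [{"action": "Allow access", "prompt_additional_factor": True}]}]},
]

def evaluate_domain(domain):
    """Return (compliant, findings) for one identity domain."""
    compliant, findings = False, []
    for policy in domain.get("policies", []):
        name = policy.get("name")
        if name not in CONSOLE_POLICIES:
            continue
        if policy.get("status") != "Activated":
            findings.append(f"{name}: Policy Status is not Activated")
            continue
        mfa_rules = [r for r in policy.get("rules", [])
                     if r.get("action") == "Allow access"
                     and r.get("prompt_additional_factor") is True]
        if not mfa_rules:
            findings.append(f"{name}: no Allow access rule prompts for an additional factor")
            continue
        compliant = True
        for rule in mfa_rules:
            for user in rule.get("exclude_users", []):
                findings.append(f"{name}: '{user}' is excluded from MFA; confirm it is a break-glass account")
    if not compliant and not findings:
        findings.append("no console sign-on policy found")
    return compliant, findings

def audit_tenancy(domains):
    """Map each identity domain name to its (compliant, findings) result."""
    return {d["name"]: evaluate_domain(d) for d in domains}

if __name__ == "__main__":
    for domain, (ok, notes) in audit_tenancy(SAMPLE_DOMAINS).items():
        print(domain, "PASS" if ok else "FAIL", notes)
```
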

For further guidance on configuring sign-on policies and MFA in OCI Identity Domains, see the Managing Sign-On Policies section of the Oracle Cloud Infrastructure Documentation.