Cloud IAM permissions for MFA-only local user API access? — Cloud Customer Connect

Cloud IAM permissions for MFA-only local user API access?

edited Jan 20, 2021 2:42PM in Identity 7 comments

Summary

Enforcing MFA on console and API users?

Content

I'm trying to lay foundations in our Oracle cloud. I've figured out a set of groups which give people the right access levels in the right compartments, etc. I've added where request.user.mfaTotpVerified='true' to policy statements to enforce the use of MFA. This all works fine in the web console.

I'm struggling with API users though. It's somewhat expected that API Key connections would not be considered 'TotpVerified', but the same seems to be true for Access Token users too.

Ultimately, I'm looking to:

1) Enforce MFA for all local users. Since there's no workflow way to do this, I'm hoping to let them log in without MFA, but then not be able to actually do anything in the cloud until they've enabled and used MFA (this is an approach we've used successfully in AWS, for example)
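
An added example, not part of the original post: a small policy linter that reports which statements actually require the `request.user.mfaTotpVerified='true'` condition mentioned above, including the case where the condition sits inside an `any {...}` group and so does not enforce MFA. The group names, compartment names and sample statements are constructed for illustration.

```python
import re

# The condition quoted in the post; whitespace around '=' is tolerated.
MFA = re.compile(r"request\.user\.mfaTotpVerified\s*=\s*'true'")
# Allow <subject> to <verb resource in scope> [where <conditions>]
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>.+?)\s+to\s+(?P<grant>.+?)"
    r"(?:\s+where\s+(?P<cond>.+))?\s*$", re.I)
GROUPED = re.compile(r"^(all|any)\s*\{(.*)\}$", re.I | re.S)

def mfa_enforced(statement):
    """True only if the grant cannot apply unless the MFA condition holds."""
    m = STATEMENT.match(statement)
    if m is None:
        raise ValueError("not an Allow statement: %r" % statement)
    cond = m.group("cond")
    if cond is None:
        return False                      # unconditional grant
    cond = cond.strip()
    grouped = GROUPED.match(cond)
    if grouped is None:
        return MFA.fullmatch(cond) is not None
    kind = grouped.group(1).lower()
    # Simplification: split on commas; nested groups and quoted commas
    # are not handled and count as "not the MFA condition".
    hits = [MFA.fullmatch(p.strip()) is not None
            for p in grouped.group(2).split(",")]
    if kind == "all":
        return any(hits)                  # one required clause is enough
    return all(hits)                      # any{}: every alternative must be MFA

def unenforced(statements):
    """Return the statements that grant access without requiring MFA."""
    return [s for s in statements if not mfa_enforced(s)]

# Constructed sample policy (hypothetical groups and compartments).
SAMPLE = [
    "Allow group NetAdmins to manage virtual-network-family in compartment "
    "Network where request.user.mfaTotpVerified='true'",
    "Allow group Auditors to read all-resources in tenancy",
    "Allow group DbAdmins to manage database-family in compartment Data "
    "where all {request.user.mfaTotpVerified='true', request.region='fra'}",
    "Allow group Ops to use instances in compartment Apps "
    "where any {request.user.mfaTotpVerified='true', "
    "request.operation='GetInstance'}",
]

if __name__ == "__main__":
    for s in unenforced(SAMPLE):
        print("MFA not enforced:", s)
```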
