Tenant administrator mandatory 2-step verification FAQ
How is 2-step verification changing?
ForgeRock is making 2-step verification mandatory for all Identity Cloud tenant administrators. The option to skip registration for 2-step verification is deprecated and will be removed a year after the deprecation notification date (Friday, February 3, 2023), following the Identity Cloud deprecation and end of life policy.
Will the change to mandatory 2-step verification affect me?
Yes, this change affects all customers. You have until the deprecation end-of-life date (Saturday, February 3, 2024) to update your tenants to make 2-step verification mandatory for all tenant administrators.
How do I prepare my tenants to support 2-step verification?
If you have any automation that relies on the skip option to authenticate to Identity Cloud APIs, it must be updated to use a service account to get an access token.
| Once 2-step verification is enforced, any automation that depends on the skip option will fail authentication. |
How do I enable mandatory 2-step verification for my tenants?
-
Make sure you have updated any automation that authenticates to Identity Cloud APIs to use a service account. Refer to How do I prepare my tenants to support 2-step verification?.
-
Go to the Backstage website, and click Support > Tickets.
-
On the support tickets page, click New Ticket.
-
On the New Ticket page, choose Identity Cloud: Config Request.
-
On the Identity Cloud: Config Request page, provide the following information:
-
Hostname(s)
-
Enter a comma separated list of FQDNs for your development, staging, and production tenant environments, and any sandbox tenant environments.
-
-
What would you like to do?
-
Select
Enforce 2-step verification for tenant administrators
-
-
-
Click Submit to create the support ticket.
-
ForgeRock support turns on the enforcement of 2-step verification for your tenant administrators and then asks you to verify that everything is working as expected.