Tenant administrator mandatory 2-step verification FAQ
ForgeRock is making 2-step verification mandatory for all Identity Cloud tenant administrators.
The option to skip registration for 2-step verification is deprecated and will be removed a year after the deprecation notification date (Friday, February 3, 2023), following the Identity Cloud deprecation and end of life policy.
After the option to skip registration is removed, any tenant administrator who has not already set up MFA will be forced to do so the next time they sign in. Identity Cloud will guide the tenant administrator through the device registration process, with no assistance needed from ForgeRock Support.
Yes, this change affects all customers. You have until the deprecation end-of-life date (Friday, March 1, 2024) to update your tenants to make 2-step verification mandatory for all tenant administrators.
If you have any automation that relies on the skip option to authenticate to Identity Cloud APIs, it must be updated to use a service account to get an access token.
After 2-step verification is enforced, any automation that depends on the skip option will fail authentication.
Make sure you have updated any automation that authenticates to Identity Cloud APIs to use a service account. Refer to "How do I prepare my tenants to support 2-step verification?"
Open an Identity Cloud: Config request with ForgeRock Support.
On the Identity Cloud: Config Request page, provide values for the following fields:
What would you like to do?
Select Enforce 2-step verification for tenant administrators.
Do you give permission for ForgeRock to access and make changes to your environment?
Select Yes to allow ForgeRock to access your environments.
ForgeRock Support turns on the enforcement of 2-step verification for your tenant administrators and then asks you to verify that everything is working as expected.