Identity Cloud

Tenant administrator mandatory 2-step verification FAQ

How is 2-step verification changing?

ForgeRock is making 2-step verification mandatory for all Identity Cloud tenant administrators.

The option to skip registration for 2-step verification is deprecated and will be removed a year after the deprecation notification date (Friday, February 3, 2023), following the Identity Cloud deprecation and end of life policy.

idcloudui tenant administrator set up 2 step verification skip deprecated

After the option to skip registration is removed, any tenant administrator that has not already set up MFA will be forced to do so the next time they sign in; Identity Cloud will guide the tenant administrator through the device registration process, with no assistance needed from ForgeRock Support.

Will the change to mandatory 2-step verification affect me?

Yes, this change affects all customers. You have until the deprecation end-of-life date (Tuesday, April 2, 2024) to update your tenants to make 2-step verification mandatory for all tenant administrators.

How do I prepare my tenants to support 2-step verification?

If you have any automation that relies on the skip option to authenticate to Identity Cloud APIs, it must be updated to use a service account to get an access token.

After 2-step verification is enforced, any automation that depends on the skip option will fail authentication.

How do I enable mandatory 2-step verification for my tenants?

  1. Make sure you have updated any automation that authenticates to Identity Cloud APIs to use a service account. Refer to How do I prepare my tenants to support 2-step verification?.

  2. Open an Identity Cloud: Config request with ForgeRock Support.

  3. On the Identity Cloud: Config Request page, provide values for the following fields:

    Field Value


    Enter a comma-separated list of FQDNs for your sandbox[1], development, UAT[2], staging, and production tenant environments.

    What would you like to do?

    Select Enforce 2-step verification for tenant administrators.

    Do you give permission for ForgeRock to access and make changes to your environment?

    Select Yes to allow ForgeRock to access your environments

  4. Click Submit.

  5. ForgeRock Support turns on the enforcement of 2-step verification for your tenant administrators and then asks you to verify that everything is working as expected.

Copyright © 2010-2024 ForgeRock, all rights reserved.