Tenant administrator mandatory 2-step verification FAQ
How is 2-step verification changing?
ForgeRock is making 2-step verification mandatory for all Identity Cloud tenant administrators. The option to skip registration for 2-step verification is deprecated and will be removed a year after the deprecation notification date (Friday, February 3, 2023), following the Identity Cloud deprecation and end of life policy.
Will the change to mandatory 2-step verification affect me?
Yes, this change affects all customers. You have until the deprecation end-of-life date (Saturday, February 3, 2024) to update your tenants to make 2-step verification mandatory for all tenant administrators.
How do I prepare my tenants to support 2-step verification?
If you have any automation that relies on the skip option to authenticate to Identity Cloud APIs, it must be updated to use a service account to get an access token.
Once 2-step verification is enforced, any automation that depends on the skip option will fail authentication.
How do I enable mandatory 2-step verification for my tenants?
- Make sure you have updated any automation that authenticates to Identity Cloud APIs to use a service account. Refer to "How do I prepare my tenants to support 2-step verification?".
- Open an Identity Cloud: Config request with ForgeRock Support.
- On the Identity Cloud: Config Request page, provide values for the following fields:

  | Field | Value |
  | --- | --- |
  | Hostname(s) | Enter a comma-separated list of FQDNs for your sandbox[1], development, UAT[2], staging, and production tenant environments. |
  | What would you like to do? | Select Enforce 2-step verification for tenant administrators. |
  | Do you give permission for ForgeRock to access and make changes to your environment? | Select Yes to allow ForgeRock to access your environments. |

- Click Submit.
- ForgeRock Support turns on the enforcement of 2-step verification for your tenant administrators and then asks you to verify that everything is working as expected.