It’s more important than ever to protect your assets in the cloud. Many customers already use identity providers like Oracle Identity Cloud Service (IDCS), Microsoft Active Directory Federation Services (AD FS), and Okta to control access to Oracle Cloud Infrastructure. Customers set up multi-factor authentication with these identity providers to help keep out unwanted visitors. Now, we're adding another layer of security by bringing multi-factor authentication to the native Identity and Access Management (IAM) system for Oracle Cloud Infrastructure.
In this release, Oracle Cloud Infrastructure native users can add a temporary one-time password (TOTP) device to their account. All that you need to set up TOTP is a mobile device with a TOTP application like Oracle Mobile Authenticator (available on iTunes and Google Play) and an Oracle Cloud Infrastructure user account. You can use an existing tenant or sign up for a new one.
Sign into your Oracle Cloud Infrastructure tenancy as a native user (that is, don't use any single sign-on federation that you might have set up).
In the upper-right corner of the Console, click the Profile icon and select your profile ID.
Click the Enable Multi-Factor Authentication tab. You are given instructions to install a TOTP app on your mobile device.
Use the barcode scan function in the app to scan the barcode on the Enable Multi-Factor Authentication dialog box in the Console.
Enter the verification code that the app generates into the Verification Code field in the Enable Multi-Factor Authentication dialog box. Then, click Enable and then Close.
You're done! The next time that you sign in to this account, you will be prompted to enter the code from your TOTP app.
If you ever lose the device, any administrator for your tenancy can disable TOTP on your behalf and allow you to sign in. You just need to set up multi-factor authentication again when you sign back in.
And there's more to come as we continue to build additional security capabilities and enhance your ability to securely control access to your Oracle Cloud Infrastructure services.