Multi-Factor Authentication Check
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
iam-user-mfa-enabled |
|
Identifier |
iam-user-mfa-enabled |
|
Description |
If multi-factor authentication is not enabled for an IAM user, this user is noncompliant. |
|
Tag |
iam |
|
Trigger Type |
Configuration change |
|
Filter Type |
iam.users |
|
Configure Rule Parameters |
None |
Applicable Scenario
Multi-factor authentication (MFA) adds an additional layer of security protection on top of the identity credentials for an account. It is recommended that you enable MFA authentication for your account and privileged users created using your account. After MFA authentication is enabled, you need to enter verification codes after your username and password are authenticated. MFA devices, together with your username and password, ensure the security of your account and resources.
Solution
To enable the MFA, you need to install an MFA application (such as the Google Authenticator or Microsoft Authenticator) on your mobile device. For more details, see Binding a Virtual MFA Device.
Rule Logic
- If an IAM user is disabled, this user is compliant.
- If an IAM user is enabled and has MFA enabled, this user is compliant.
- If an IAM user is enabled, but does not have MFA enabled, this user is noncompliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
