Login Protection Check
Rule Details
Parameter |
Description |
---|---|
Rule Name |
iam-user-login-protection-enabled |
Identifier |
iam-user-login-protection-enabled |
Description |
If login protection is not enabled for an IAM user, this user is noncompliant. |
Tag |
iam |
Trigger Type |
Configuration change |
Filter Type |
iam.users |
Rule Parameter |
None |
Applicable Scenario
To improve account security and prevent phishing attacks and password leakage, the root or administrative user can enable login protection for IAM users. If login protection is enabled, a verification code will be required in addition to the username and password during login. You can use a mobile number, email address, or virtual MFA for login authentication.
Solution
You can enable login protection for the noncompliant IAM users. For more details, see Login Protection.
Rule Logic
- If an IAM user is in the disabled state, this user is compliant.
- If an IAM user that is enabled has MFA enabled, this user is compliant.
- If an IAM user that is enabled does not have MFA enabled, this user is noncompliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot