Identifying a user's MFA status
The first time that users log in to your account after you enable multifactor authentication (MFA), they must set up their authentication factors. Otherwise, your account is subject to security vulnerabilities and attacks. You can identify the users in your account who don't meet your MFA requirements by generating an MFA status report.
You must have the Administrator role on the IAM Identity Service to view and update the report. The following actions are included in this role.
- The action
iam-identity.mfa-status.get
is required to view the report. - The action
iam-identity.report.create
is required to generate a new report.
Viewing the MFA status of users in the console
To view the MFA status of users in the console, complete the following steps:
-
In the IBM Cloud console, click Manage > Access (IAM), and select MFA status.
-
Click Update report to view the most recent report in your account.
Only the most recent report is available. When you generate a new report, any reports older than a day are deleted.
-
Contact the users in your account who don't satisfy the MFA requirements. Ask them to comply by logging in and setting up factors. For more information, see Managing your authentication factors.