PingOne Advanced Identity Cloud

Tenant administrator mandatory 2-step verification FAQ

How is 2-step verification changing?

Ping Identity is making 2-step verification mandatory for all PingOne Advanced Identity Cloud tenant administrators.

The option to skip registration for 2-step verification is deprecated and will be removed a year after the deprecation notification date (Friday, February 3, 2023), following the Advanced Identity Cloud deprecation and end of life policy.

idcloudui tenant administrator set up 2 step verification skip deprecated

After the option to skip registration is removed, any tenant administrator that has not already set up MFA will be forced to do so the next time they sign in; Advanced Identity Cloud will guide the tenant administrator through the device registration process, with no assistance needed from Backstage Support.

Will the change to mandatory 2-step verification affect me?

Yes, this change affects all customers. You have until the deprecation end-of-life date (Tuesday, April 2, 2024) to update your tenants to make 2-step verification mandatory for all tenant administrators.

How do I prepare my tenants to support 2-step verification?

If you have any automation that relies on the skip option to authenticate to Advanced Identity Cloud APIs, it must be updated to use a service account to get an access token.

After 2-step verification is enforced, any automation that depends on the skip option will fail authentication.

How do I enable mandatory 2-step verification for my tenants?

  1. Make sure you have updated any automation that authenticates to Advanced Identity Cloud APIs to use a service account. Learn more in How do I prepare my tenants to support 2-step verification?.

  2. Open an Advanced Identity Cloud: Config request with Backstage Support.

  3. On the Advanced Identity Cloud: Config Request page, provide values for the following fields:

    Field Value

    Hostname(s)

    Enter a comma-separated list of FQDNs for your sandbox[1], development, UAT[2], staging, and production tenant environments.

    What would you like to do?

    Select Enforce 2-step verification for tenant administrators.

    Do you give permission for ForgeRock to access and make changes to your environment?

    Select Yes to allow ForgeRock to access your environments

  4. Click Submit.

  5. Backstage Support turns on the enforcement of 2-step verification for your tenant administrators and then asks you to verify that everything is working as expected.