Enabling and disabling Multi-Factor Authentication (MFA) in Oracle Cloud Infrastructure (OCI)

Enabling and disabling Multi-Factor Authentication (MFA) in Oracle Cloud Infrastructure (OCI) can be done using the OCI Command Line Interface (CLI). Below are the step-by-step commands to achieve this:


### Prerequisites


1. **Install OCI CLI**: Make sure you have the OCI CLI installed and configured. If not, you can follow the instructions [here](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm).


2. **OCI CLI Configuration**: Ensure your OCI CLI is configured properly with the necessary API keys and user details. You can configure it using `oci setup config`.


### Enabling MFA for a User


1. **Get the User OCID**: First, you need to know the OCID of the user for whom you want to enable MFA.

```sh
oci iam user list --all
```


This will list all users. Note the OCID of the user.


2. **Enable MFA**: Use the following command to enable MFA for the user.


```sh
oci iam mfa enable --user-id <user_ocid>
```


Replace `<user_ocid>` with the actual OCID of the user.


### Disabling MFA for a User


1. **Get the User OCID**: If you don't already have the user's OCID, list all users and find the OCID.


```sh
oci iam user list --all
```


2. **Disable MFA**: Use the following command to disable MFA for the user.


```sh
oci iam mfa disable --user-id <user_ocid>
```


Replace `<user_ocid>` with the actual OCID of the user.


### Example Workflow


#### Enabling MFA


1. **List Users**:


```sh
oci iam user list --all
```


Output:

```json
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaxxxxxxx",
      "description": "User for testing",
      "id": "ocid1.user.oc1..aaaaaaaaxxxxxxx",
      "name": "testuser",
      "lifecycle-state": "ACTIVE"
    }
  ]
}
```


2. **Enable MFA for the User**:


```sh
oci iam mfa enable --user-id ocid1.user.oc1..aaaaaaaaxxxxxxx
```


This command will prompt the user to set up MFA using an authenticator app.


#### Disabling MFA


1. **List Users**:


```sh
oci iam user list --all
```


Output:

```json
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..aaaaaaaaxxxxxxx",
      "description": "User for testing",
      "id": "ocid1.user.oc1..aaaaaaaaxxxxxxx",
      "name": "testuser",
      "lifecycle-state": "ACTIVE"
    }
  ]
}
```


2. **Disable MFA for the User**:


```sh
oci iam mfa disable --user-id ocid1.user.oc1..aaaaaaaaxxxxxxx
```
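
The "Get the User OCID" step relies on copying the right `id` out of the listing by hand, next to a `compartment-id` that looks similar. As an added example (not part of the original post), this Python script resolves the OCID by user name from saved `oci iam user list --all` output and lists active users that do not report MFA. The sample records, the function names, and the `is-mfa-activated` key are assumptions; the page's sample output does not show that key.

```python
import json
import re

# Constructed sample in the shape of `oci iam user list --all` output.
# "is-mfa-activated" is an assumed per-user key, absent from the page's sample.
SAMPLE_OUTPUT = json.dumps({"data": [
    {"id": "ocid1.user.oc1..aaaaaaaaexample1", "name": "testuser",
     "lifecycle-state": "ACTIVE", "is-mfa-activated": False},
    {"id": "ocid1.user.oc1..aaaaaaaaexample2", "name": "admin",
     "lifecycle-state": "ACTIVE", "is-mfa-activated": True},
    {"id": "ocid1.user.oc1..aaaaaaaaexample3", "name": "olduser",
     "lifecycle-state": "INACTIVE", "is-mfa-activated": False},
]})

# ocid1.<type>.<realm>.[region].<unique id>; only the "user" type is accepted,
# so a tenancy OCID copied from "compartment-id" is rejected.
USER_OCID = re.compile(r"^ocid1\.user\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+$")


def load_users(cli_json):
    """Return the user records from the CLI's JSON envelope."""
    return json.loads(cli_json).get("data", [])


def resolve_user_ocid(cli_json, name):
    """Return the OCID of exactly one ACTIVE user called `name`, else raise."""
    matches = [u for u in load_users(cli_json)
               if u.get("name") == name and u.get("lifecycle-state") == "ACTIVE"]
    if len(matches) != 1:
        raise LookupError(f"expected one ACTIVE user {name!r}, found {len(matches)}")
    ocid = matches[0].get("id", "")
    if not USER_OCID.match(ocid):
        raise ValueError(f"{ocid!r} is not a user OCID")
    return ocid


def active_users_without_mfa(cli_json):
    """Names of ACTIVE users whose record does not report MFA as activated."""
    return sorted(u["name"] for u in load_users(cli_json)
                  if u.get("lifecycle-state") == "ACTIVE"
                  and not u.get("is-mfa-activated", False))


if __name__ == "__main__":
    print(resolve_user_ocid(SAMPLE_OUTPUT, "testuser"))
    print(active_users_without_mfa(SAMPLE_OUTPUT))
```

To run it against a real tenancy, save the listing to a file and pass its contents in place of `SAMPLE_OUTPUT`.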


### Additional Information


- **Permissions**: Ensure that your OCI user has the necessary permissions to manage MFA settings. You might need policies that allow `MANAGE mfa-family` on users.


- **Documentation**: For more details on the OCI CLI and MFA management, refer to the [OCI CLI Command Reference](https://docs.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/) and the [OCI MFA Documentation](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingusers.htm).


By following these commands, you can efficiently enable and disable MFA for users in your OCI tenancy using the OCI CLI.

©2023 by AiTech