How can I manage multifactor authentication in my environment?

In environments that don't have MFA enforced, you can enable or disable multi-factor authentication (MFA). An environment is MFA enforced if the Requires MFA option can't be updated. Once MFA is enabled or enforced, a user who hasn't enrolled in MFA will be required to enroll the next time they sign-in to the environment.

You can't disable MFA in the following environments:
  • Environments in a new environment family provisioned with releases 25D or later.
  • Environments that are enforced with MFA enforced after receiving advanced notification from Oracle.
You can enable or disable MFA in the following environments until they become MFA enforced by Oracle:
  • Environments in a new environment family provisioned with releases 25B or 25C after mid April 2025.
  • Environments that have completed identity domain upgrade to OCI IAM.

In a new environment family provisioned with releases 25B or 25C after mid-April 2025, you can make MFA enforcement optional for a user category. When optional, the enrollment page for the user displays a Skip for now option. Selecting it grants users access to the application without enrolling in any of the MFA factors.

To manage the MFA enrollment, go to the Security Console.

  1. On the User Categories page of Security Console, select a user category.
  2. Select Two-Factor Authentication.
  3. Select Edit.
  4. Based on your business need, you can enable or disable MFA in the Enforce MFA Enrollment During Sign-in section by selecting Enforce MFA Enrollment:
    1. Select Required, users must enroll in MFA.

      or

    2. Select Optional, users can skip MFA enrollment.
  5. Select Save and Close