In using the Octopus Cloud service, it’s paramount that the OctopusID login used for the primary administrator/owner has a built-in way of enabling/enforcing 2FA/MFA. Whether that be an authenticator app (MS, Google, etc.) or via email inbox (some might argue email is not best-practice anymore, but it’s a simple workflow in a team environment and much better than nothing at all).
The potential attack vector if our admin account login was compromised is free rein over our deployment infrastructure, and maybe using runbooks to do lots of malicious activity.
Thanks for getting in touch! I noticed that you had a conversation with Cory, one of our Solutions Architects. Cory followed up with the developers and confirmed that we don’t have 2FA currently on the roadmap for OctopusID authentication.
To use 2FA for your cloud instance, you will need to look into using one of our external authentication providers outlined in the authentication provider compatibility list.
I hope that helps to answer your question. If you have any further questions or thoughts on this, please don’t hesitate to let me know.
Hi Daniel - Yes, that’s correct, I had initially been talking to Cory regarding this. The intention of this forum post was to make it more of an official request (is this the right channel to do that?). Is this something your product/sales team would help prioritise for the roadmap in terms of community/customer requests rather than asking your developers?
Regards,
Andrew
Thanks for getting back. I had a look through our internal conversations and I can say that this is absolutely something on the developers’ radar. We have no official plans to work on this yet, but it might make an appearance in some form next year. It’s connected fairly closely to some other upgrades we have planned, so keep an eye out.
Let me know if you have any further questions or thoughts.