Ensure that multi-factor authentication is enabled for admin users

Set up multi-factor authentication for Google Cloud Platform accounts. Multi-factor authentication requires more than one mechanism to authenticate a user. This protects your logins from attackers exploiting stolen or weak credentials.

Risk Level: High
Cloud Entity: GCP IAM User
CloudGuard Rule ID: D9.GCP.IAM.06
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

GcpIamUser where userData.isAdmin=true should have userData.isEnforcedIn2Sv=true

REMEDIATION

From Portal

  1. Go to Cloud Identity and Access Management (IAM) dashboard at https://console.cloud.google.com/iam-admin/iam.
  2. Choose the PERMISSIONS tab, then select View by PRINCIPALS.
  3. Copy the email address of the Admin users.
  4. Go to the Google Account console at https://myaccount.google.com and sign in using the email address copied in the previous step to access the appropriate user account.
  5. In the navigation bar, select Security.
  6. On the Security page, in the Signing in to Google section, check the 2-Step Verification configuration setting status. Set the status to On.
  7. Repeat steps 3-6 for each Admin user that you want to examine, created for the selected GCP project.

Note: if the rule fails because the IAMUser userData is null, there are two possible causes:

  1. You didn't connect your Google Workspace (G-Suite) account to CloudGuard.
    This can be done through CloudGuard console -> Assets -> Environments -> <Your GCP Project> -> Add GSuite
  2. The IAMUser is not part of your organization. This is not recommended, and the user should probably be removed from your GCP.
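
The GSL logic above, including the null userData case from the note, can be reproduced offline as follows. This is an added example, not CloudGuard's own code; the record shape, the `name` key, the `isEnrolledIn2Sv` field (which the rule does not read) and all sample values are assumptions made for illustration.

```python
import json

# Constructed sample records shaped like the GcpIamUser entity in the GSL rule.
# "name", "isEnrolledIn2Sv" and every value are assumptions for this example;
# userData.isAdmin and userData.isEnforcedIn2Sv are the fields the rule reads.
SAMPLE_USERS = json.loads("""
[
  {"name": "alice@example.com",
   "userData": {"isAdmin": true, "isEnforcedIn2Sv": true, "isEnrolledIn2Sv": true}},
  {"name": "bob@example.com",
   "userData": {"isAdmin": true, "isEnforcedIn2Sv": false, "isEnrolledIn2Sv": true}},
  {"name": "carol@example.com",
   "userData": {"isAdmin": false, "isEnforcedIn2Sv": false, "isEnrolledIn2Sv": false}},
  {"name": "dave@external.example", "userData": null},
  {"name": "erin@example.com", "userData": {"isAdmin": true}}
]
""")


def evaluate(users):
    """GcpIamUser where userData.isAdmin=true should have userData.isEnforcedIn2Sv=true"""
    result = {"pass": [], "fail": [], "no_user_data": [], "out_of_scope": []}
    for user in users:
        data = user.get("userData")
        if not isinstance(data, dict):
            # Null userData: kept in its own bucket so it can be triaged
            # using the two causes listed in the note above.
            result["no_user_data"].append(user["name"])
        elif data.get("isAdmin") is not True:
            # The rule's "where" clause only selects admin users.
            result["out_of_scope"].append(user["name"])
        elif data.get("isEnforcedIn2Sv") is True:
            result["pass"].append(user["name"])
        else:
            # Enforcement flag false or absent on an admin is a finding,
            # even when the user has enrolled in 2-Step Verification.
            result["fail"].append(user["name"])
    return result


if __name__ == "__main__":
    for status, names in evaluate(SAMPLE_USERS).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

In the sample, bob@example.com is enrolled in 2-Step Verification but still fails, because the rule tests the enforcement flag only.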

References

  1. https://support.google.com/accounts/answer/185839
  2. https://cloud.google.com/identity/solutions/enforce-mfa
  3. https://support.google.com/a/answer/9176657

GCP IAM User

An IAM user is an entity that you create in GCP to represent the person or service that uses it to interact with GCP.

Compliance Frameworks

  • CloudGuard GCP All Rules Ruleset
  • GCP CloudGuard Best Practices
  • GCP GDPR Readiness
  • GCP LGPD regulation
  • GCP MITRE ATT&CK Framework v12.1
  • GCP NIST 800-53 Rev 5
  • GCP PCI-DSS 4.0