Liferay DXP Cloud Console (console.liferay.cloud) currently supports only username/password and SSO authentication. For organizations where SSO is not an option, console access is protected by credentials alone — a significant security gap.
Problem Statement A single compromised admin account can give an attacker full control over deployments, environment variables, database backups, and service configurations across multiple production environments simultaneously. There is no second factor to limit the blast radius of a credential compromise.
Proposed Solution Implement MFA for console.liferay.cloud, including:
-
TOTP-based authenticator app support (Google Authenticator, Authy, etc.)
-
MFA enforcement policy at the organization level
Priority Justification
-
Affects all LCP customers not using SSO
-
Production environment access is at stake
-
Aligns with security baseline expectations for any cloud platform handling enterprise workloads