How Do I Bind a Virtual MFA Device?

Multi-factor authentication (MFA) adds an extra layer of protection on top of your username and password. After you enable MFA-based login authentication, you need to enter a verification code after authenticating your username and password. MFA devices, together with your username and password, ensure the security of your account and resources.

MFA devices can be hardware-or software-based. A virtual MFA device is an application that generates 6-digit verification codes in compliance with the time-based one-time password (TOTP) standard. MFA applications can run on mobile devices (including smartphones) and are easy to use.

Prerequisites

You have installed an MFA application (for example, Huawei Cloud App or Google Authenticator) on your mobile phone.

Procedure

Log in to the IAM console. In the navigation pane on the left, choose Users.
Click a username to go to the user details page.
Select the Security Settings tab and find Multi-factor Authentication (MFA).
Click Add MFA Device.

Figure 1 Adding an MFA device
Enter a device name. Only letters, digits, hyphens (-), and underscores (_) are allowed.
Select an MFA device.
Click Next to go to the Set MFA Device step.
Add an MFA device by scanning the QR code or entering the secret key.
- Scanning the QR code
  Open the MFA application and scan the QR code displayed in the Set MFA Device step. Then the user is added to the MFA device.
- Entering the secret key
  Open the MFA application on your mobile phone, and enter the secret key.
  
  The user can be manually added only with time-based one-time passwords (TOTP). You are advised to enable automatic time setting on your mobile phone.
In the Set MFA Device step, enter two consecutive verification codes and click OK.
View the dynamic codes for MFA on the MFA App. The codes are automatically updated every 30 seconds.