Updated on 2025-11-07 GMT+08:00

Virtual MFA Device

This section describes how to add and unbind a virtual MFA device.

Adding a Virtual MFA Device

Install an authenticator app (such as Google Authenticator or Microsoft Authenticator) on your mobile device.

After you add an MFA device for an account or IAM user, login protection is automatically enabled with the verification method set to MFA authentication. IAM users can add virtual MFA devices on the IAM console by themselves.

  1. Log in to the new IAM console and choose Users in the navigation pane.
  2. Click a username to go to the user details page.

    Figure 1 Entering the user details page

  3. Click the Security Settings tab and find Multi-factor Authentication (MFA).
  4. Click Add MFA Device.

    Figure 2 Adding an MFA device

  5. On the displayed page, enter a device name. Only letters, digits, hyphens (-), and underscores (_) are allowed.
  6. Select a device type. For this example, select Virtual MFA and click Next.

    Figure 3 Adding a virtual MFA device

  7. Add a virtual MFA device to your MFA application.
  8. Add a virtual MFA device by scanning the QR code or entering the secret key.

    • Scan the QR code

      Open the MFA application on your mobile phone, and use the application to scan the QR code displayed on the Add MFA Device page. Then, the MFA application automatically adds the virtual MFA device.

    • Enter the secret key

      Open the MFA application on your mobile phone, and enter the secret key.

      TOTP-based virtual MFA devices can only be manually added. You are advised to enable automatic time setting on your mobile device.

  9. View the dynamic verification codes on the home page of the MFA application. The codes are updated every 30 seconds.
  10. On the Bind Virtual MFA Device page, enter two consecutive verification codes and click OK.
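
Steps 8 to 10 rely on time-based one-time passwords: the secret key is shared once, and the app and the service each derive a code from it and the current 30-second window. The Python sketch below is an added example, not Huawei Cloud code; it assumes the RFC 6238 defaults (HMAC-SHA1, 6 digits) used by common authenticator apps, uses the RFC's published test key as a constructed secret, and `check_binding` is a hypothetical illustration of why two consecutive codes and an accurate phone clock matter.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated in step 9
DIGITS = 6   # assumption: RFC 6238 default used by common authenticator apps
# Constructed sample: Base32 form of the published RFC 6238 test key.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_binding(secret_b32, code1, code2, server_time, max_drift_steps=1):
    """Hypothetical bind check: accept the pair only if code1 and code2 belong
    to consecutive time steps close to the server clock. Returns the phone's
    drift in steps (0 means the clocks agree) or None if the pair is rejected."""
    for drift in range(-max_drift_steps, max_drift_steps + 1):
        t = server_time + drift * STEP
        first_ok = hmac.compare_digest(totp(secret_b32, t), code1)
        second_ok = hmac.compare_digest(totp(secret_b32, t + STEP), code2)
        if first_ok and second_ok:
            return drift
    return None


if __name__ == "__main__":
    phone_time = 1111111109  # RFC 6238 test time; the next step starts 1 s later
    code1 = totp(SAMPLE_SECRET, phone_time)
    code2 = totp(SAMPLE_SECRET, phone_time + STEP)
    print("codes shown by the app:", code1, code2)
    print("clocks in sync:", check_binding(SAMPLE_SECRET, code1, code2, phone_time))
    print("phone 30 s slow:", check_binding(SAMPLE_SECRET, code1, code2, phone_time + 30))
    print("phone 5 min slow:", check_binding(SAMPLE_SECRET, code1, code2, phone_time + 300))
```

A phone clock that is several minutes off produces valid-looking codes that fall outside the accepted window, which is why the note in step 8 advises enabling automatic time setting.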

Obtaining an MFA Verification Code

After a virtual MFA device is added, you need to enter an MFA verification code when logging in to the console.

You can open the virtual MFA device on your mobile phone and get the verification code displayed for the target account or user. Then enter the code on the login page.

Unbinding a Virtual MFA Device

  1. Log in to the new IAM console and choose Users in the navigation pane.
  2. Click a username to go to the user details page.
  3. Click the Security Settings tab and find Multi-factor Authentication (MFA).
  4. Locate the virtual MFA device and click Unbind in the Operation column.
  5. In the displayed dialog box, enter YES.

    Figure 4 Confirming unbinding

  6. Click OK.