- What's New
- Service Overview
- Getting Started
- User Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Instance Management
- Access Control Attribute Management
-
Permission Set Management
- Adding a System-defined Identity Policy
- Deleting a Permission Set
- Querying Permission Set Details
- Updating a Permission Set
- Deleting a System-defined Identity Policy
- Querying Details About a Custom Identity Policy
- Adding a Custom Identity Policy
- Deleting a Custom Identity Policy
- Listing Accounts Associated with a Permission Set
- Listing System-defined Identity Policies
- Listing Pre-provisioning Statuses of Permission Sets
- Listing Permission Sets
- Creating a Permission Set
- Listing Permission Sets Provisioned to an Account
- Pre-provisioning a Permission Set
- Querying Pre-attachment Status Details of a Permission Set
- Adding a System-defined Policy
- Deleting a System-defined Policy
- Listing System-defined Policies
-
Account Assignment Management
- Removing Account Assignments
- Querying Details about the Account Assignment Creation Status
- Listing Account Assignment Creation Statuses
- Listing Account Assignment Deletion Statuses
- Listing Users or Groups Associated with an Account and a Permission Set
- Creating Account Assignments
- Querying Details about the Account Assignment Deletion Status
- Tag Management
- User Management
- Group Management
- Group Membership Management
- SCIM User Management
- SCIM Group Management
- Service Provider (SP) Management
- Client Management
- Token Management
- Device Authorization Management
- Authorization Management
- Account Management
- Agency Management
- Credentials Management
- Appendixes
- Change History
- General Reference
Copied.
MFA Overview
What Is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is a popular method that adds an additional layer of authentication on top of the username and password. If you enable MFA authentication, users need to enter the username and password as well as a verification code before they can log in to the console.
To improve security, you are advised to enable MFA in IAM Identity Center.
Supported MFA Devices
IAM Identity Center supports the following MFA devices:
- Authenticator App
An Authenticator App is a virtual MFA device that can generate 6-digit verification codes in compliance with the Time-based One-time Password Algorithm (TOTP). MFA devices can be hardware- or software-based. Currently, software-based virtual MFA devices are supported. They are application programs running on smart devices such as mobile phones.
- Security key:
A security key is a FIDO2-compatible external hardware authenticator that you can purchase and connect to your device via USB, BLE, or NFC. When you are prompted for MFA, you only need to touch a hardware security key such as YubiKey to verify your identity. The most common security keys (including YubiKey) can create device-bound FIDO credentials.
FIDO2 is a standard based on public key cryptography. It includes CTAP2 and WebAuthn. FIDO credentials have phishing-resistant capabilities because they are unique to websites.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot