- What's New
- Service Overview
- Getting Started
- User Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Instance Management
- Access Control Attribute Management
-
Permission Set Management
- Adding a System-defined Identity Policy
- Deleting a Permission Set
- Querying Permission Set Details
- Updating a Permission Set
- Deleting a System-defined Identity Policy
- Querying Details About a Custom Identity Policy
- Adding a Custom Identity Policy
- Deleting a Custom Identity Policy
- Listing Accounts Associated with a Permission Set
- Listing System-defined Identity Policies
- Listing Pre-provisioning Statuses of Permission Sets
- Listing Permission Sets
- Creating a Permission Set
- Listing Permission Sets Provisioned to an Account
- Pre-provisioning a Permission Set
- Querying Pre-attachment Status Details of a Permission Set
- Adding a System-defined Policy
- Deleting a System-defined Policy
- Listing System-defined Policies
-
Account Assignment Management
- Removing Account Assignments
- Querying Details about the Account Assignment Creation Status
- Listing Account Assignment Creation Statuses
- Listing Account Assignment Deletion Statuses
- Listing Users or Groups Associated with an Account and a Permission Set
- Creating Account Assignments
- Querying Details about the Account Assignment Deletion Status
- Tag Management
- User Management
- Group Management
- Group Membership Management
- SCIM User Management
- SCIM Group Management
- Service Provider (SP) Management
- Client Management
- Token Management
- Device Authorization Management
- Authorization Management
- Account Management
- Agency Management
- Credentials Management
- Appendixes
- Change History
- General Reference
Show all
Copied.
Enabling MFA
You can enable MFA on the IAM Identity Center console for improved security.
If you are using an external identity provider as the identity source, you will need to configure MFA in that external identity provider. If you are using IAM Identity Center as the identity source, you can configure MFA in IAM Identity Center as follows.
Procedure
- Log in to the Huawei Cloud console.
- Click
in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
- Choose Settings in the navigation pane.
- Click the Authentication tab.
- In Prompt Users for MFA, determine whether to prompt users for MFA based on the level of security that your service needs.
- Only when their sign-in context changes (context-aware)
IAM Identity Center provides users the option to trust their device during login. After a user selects this option, IAM Identity Center prompts the user for MFA once and analyzes the login context (such as device, browser, and IP address) for the user's subsequent logins. IAM Identity Center determines if the user is logging in with a previously trusted context. If the user's login context changes, IAM Identity Center prompts the user for MFA in addition to their username and password.
This mode provides ease of use for users who frequently log in from their workplace, so they do not need to complete MFA on every login. They are only prompted for MFA if their login context changes.
NOTE:
The validity period of the device trust is seven days. After seven days, you will need to perform MFA authentication again.
- Every time they log in (always-on)
IAM Identity Center requires that users with a bound MFA device will be prompted to provide an MFA code every time they log in. You should use this mode if you have organizational or compliance policies that require your users to complete MFA every time they log in to the user portal.
- Never (disabled)
MFA authentication is disabled. All users will log in with their standard username and password only.
Figure 1 Enabling MFA - Only when their sign-in context changes (context-aware)
- Click Save.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot