Huawei Cloud Multi-Factor Authentication Service (Virtual MFA)

Scenario

After the administrator enables virtual multi-factor authentication (MFA), Huawei Cloud virtual MFA is used by default. When an end user uses the account and password to log in to a desktop from Huawei Cloud Workspace client, the end user must pass the MFA using a dynamic verification code.

Prerequisites

Workspace has been subscribed to.

Constraints

The emergency mode is disabled.

The emergency mode is disabled by default.

If the emergency mode is enabled, multi-factor authentication cannot be used. Enter the service ticket information, obtain the emergency mode status of the current tenant, and disable the emergency mode as required. For details, see Submitting a Service Ticket.

Procedure

1. Log in to the Workspace console.

2. In the navigation pane, choose Tenant Configuration > Authentication Configuration.

   The Authentication Configuration page is displayed.

3. Click the Auxiliary Authentication tab. Under Multi-Factor Authentication Configuration, click Enable.
   Figure 1 Enabling MFA
   

4. In the dialog box displayed, click OK. Select Huawei Cloud MFA service for Authentication Server, and select Internet access user or Direct Connect access user for Target Object.
5. Click OK.
   Figure 2 Enabling virtual MFA
   
   

   After the administrator enables virtual MFA, end users need to use the virtual MFA device in a cloud application on a smart device (such as a mobile phone) to obtain a dynamic verification code when logging in to the desktop from the Workspace client. (For the first login, the virtual MFA device must be bound to the smart device.) Then end users need to enter the dynamic verification code on the login page of the Workspace client. For details, see Logging In to a Desktop Using an SC, Logging In to a Desktop Using a TC, Logging In to a Desktop Using a Mobile Terminal.