Virtual MFA Device
This section describes how to bind and unbind a virtual MFA device. If the bound virtual MFA device of an IAM user is deleted or the mobile phone on which it runs is unavailable, you can remove the virtual MFA device for the IAM user.
What Is a Virtual MFA Device?
An MFA device or application generates 6-digit verification codes in compliance with the Time-based One-time Password Algorithm (TOTP). MFA devices can be hardware- or software-based. Currently, software-based virtual MFA devices are supported. They are application programs running on smart devices such as mobile phones.
Binding a Virtual MFA Device
Before binding a virtual MFA device, install an authenticator app (such as Google Authenticator or Microsoft Authenticator) on your mobile device first.
- Go to the Security Settings page.
- Click the Critical Operations tab, and click Bind in the Virtual MFA Device row.
Figure 1 Virtual MFA device
- Set up the MFA application by scanning the QR code or manually entering the secret key.
You can bind a virtual MFA device to your account by scanning the QR code or entering the secret key.
- Scanning the QR code
Open the MFA application on your mobile phone, and use the application to scan the QR code displayed on the Bind Virtual MFA Device page. Your account or IAM user is then added to the application.
- Manually entering the secret key
Open the MFA application on your mobile phone, and enter the secret key.
The user can be manually added only using time-based one-time passwords (TOTP). You are advised to enable automatic time setting on your mobile phone.
- Scanning the QR code
- View the verification codes on the MFA application. The code is automatically updated every 30 seconds.
- On the Bind Virtual MFA Device page, enter two consecutive verification codes and click OK.
- HUAWEI ID
- Go to the Security Settings page.
- Click the Critical Operations tab, and click Bind in the Virtual MFA Device row.
Figure 2 Binding a virtual MFA device
- On the Account & security page of the HUAWEI ID account center, associate an authenticator with your HUAWEI ID as instructed.
- IAM User
IAM users can bind a virtual MFA device on the IAM console. The procedure is the same as that for binding a virtual MFA device for a Huawei Cloud account.
If the administrator has reset the virtual MFA device of an IAM user, or the IAM user logs in to the system for the first time and login protection has been enabled with the virtual MFA device as the verification method, the IAM user needs to bind a virtual MFA device again during the login. The procedure is as follows:
- Log in to the management console as an IAM user.
- In the Login Verification dialog box, click Bind Virtual MFA Device.
Figure 3 Login verification
- On the slide-out panel, follow the prompts to bind a virtual MFA device.
Obtaining an MFA Verification Code
If virtual MFA–based login protection or operation protection is enabled, you need to enter an MFA verification code when you log in to the console or performing a critical operation.
Open the MFA application on your smart device, view the verification code displayed next to your account, and then enter the code on the console.
Unbinding a Virtual MFA Device
You can unbind the virtual MFA device as long as the mobile phone bound to the virtual MFA device is available and the virtual MFA device is still installed on your phone.
- IAM user: If the mobile phone of an IAM user is unavailable or the virtual MFA device has been deleted from the phone, request the administrator to remove the virtual MFA device.
- Account: If the mobile phone associated with the account is unavailable or the virtual MFA device has been deleted from the phone, contact customer service to remove the virtual MFA device.
- Go to the Security Settings page.
- Click the Critical Operations tab, and click Unbind in the Virtual MFA Device row.
If you have upgraded your Huawei Cloud account to a HUAWEI ID, you will be redirected to the HUAWEI ID website. Go to the Account center > Account and security page, and click Disassociate in the Authenticator row in the Security verification area.
- On the Unbind Virtual MFA Device page, enter a verification code generated by the MFA application.
Figure 4 Entering a virtual MFA verification code
- Click OK.
Removing the Virtual MFA Device
Account: If the mobile phone associated with the account is unavailable or the virtual MFA device has been deleted from the phone, contact customer service to remove the virtual MFA device.
IAM user: If the mobile phone of an IAM user is unavailable or the virtual MFA device has been deleted from the user's phone, contact the administrator to remove the virtual MFA device. The administrator needs to perform the following steps:
- Log in to the IAM console.
- On the Users page, click Security Settings in the row containing the user for whom you want to remove the bound virtual MFA device.
- On the Security Settings tab page, click Remove in the Virtual MFA Device row.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot