Multi-factor authentication (MFA) adds an extra layer of protection to the authentication process. After you configure MFA, end users must provide both the username and password combinations and the verification codes sent by virtual MFA devices when they log on to WUYING terminals. This topic describes how to configure MFA.
Background information
MFA is a simple and effective authentication method designed to enhance security. After you configure MFA for an office network, end users must bind virtual MFA devices to their on-premises devices upon their first logon to WUYING terminals. Then, the system verifies user identities based on the following two factors:
First factor: the username and password combination
Second factor: the verification code generated by the virtual MFA device
Time-based One-Time Password (TOTP) is a widely used multi-factor authentication protocol. Applications on mobile phones or other devices that support TOTP are called virtual MFA devices. For example, the Alibaba Cloud app and the Google Authenticator app are virtual MFA devices. If end users bind virtual MFA devices to their on-premises devices, Alibaba Cloud requires them to present a 6-digit verification code generated by the virtual MFA devices upon their logon to verify their identities. This effectively prevents unauthorized access caused by password theft.
WUYING Workspace (Pro Edition) supports software-based virtual MFA devices. You can install virtual MFA devices such as the Alibaba Cloud app on your mobile phone.
Enable MFA for an office network
Log on to the WUYING Workspace (Pro Edition) console.
In the left-side navigation pane, choose
.In the upper-left corner of the top navigation bar, select a region.
On the Office Network (Formerly Workspace) page, find the desired office network and click its ID.
In the upper-right corner of the Other section, click Show and turn on the MFA switch.
NoteMake sure that the Client Logon Verification and SSO switches are turned off.
After you enable MFA for the office network, end users must provide an MFA verification code when they connect to cloud computers in the office network from WUYING terminals.
Unbind a virtual MFA device
After you turn on the MFA switch in the WUYING Workspace Pro Edition console, end users must bind virtual MFA devices to their on-premises devices the first time they log on to WUYING terminals. After end users change their virtual MFA devices, you must delete the original devices in the WUYING Workspace Pro Edition console. After you delete virtual MFA devices, end users must bind new devices upon their next logon to WUYING terminals.
Delete a virtual MFA device of a convenience user
In the left-side navigation pane, choose
.On the User tab of the Manage User page, find the desired end user and click the ⋮ icon in the Actions column. Then, select Manage User MFA Device.
In the Manage User MFA Device dialog box, find the desired virtual MFA device and click Delete in the Actions column. Then, click OK.