This topic describes how to bind or unbind multi-factor authentication (MFA) devices as CloudSSO users.

Prerequisites

MFA is enabled. For more information, see Enable or disable MFA.

Bind the first MFA device

If MFA is enabled and a user logs on the CloudSSO user portal by using the username-password logon method, the system prompts the user to bind an MFA device.

  1. Download an app that supports MFA devices to a mobile device, such as a mobile phone. For example, you can download Alibaba Cloud or Google Authenticator.
    The Alibaba Cloud app is used in the example.
  2. Log on to the user portal by using the username-password logon method.
  3. On the mobile device, bind an MFA device.
    1. Log on to the Alibaba Cloud app.
    2. Tap My and then Virtual MFA.
    3. Tap + and select a method to bind an MFA device.
      • Scan a QR code to bind an MFA device: Tap Scan QR Code to scan the QR code displayed on the user portal. Then, tap OK. This method is recommended.
        Note You must click Show QR Code on the user portal to view the QR code.
      • Manually bind an MFA device: Tap Manually Bind, enter the username and password displayed on the user portal, and then click OK.
        Note You must click Show Password to view the password.
  4. On the user portal, enter the name of the MFA device.
    You can customize the name or click Use Default Name to use the default name of the MFA device.
  5. On the user portal, enter two consecutive verification codes displayed in the Alibaba Cloud app on the mobile device and click Bind.

Bind the second MFA device

If MFA is enabled, you can bind up to two MFA devices for each user.

  1. Log on to the user portal by using the username-password logon method.
  2. Move the pointer over your profile picture in the upper-right corner of the page and click Manage Virtual MFA Device.
  3. Click Add Device.
  4. Bind the second MFA device.
    For more information, see Bind the first MFA device.

Unbind an MFA device

  1. Log on to the user portal by using the username-password logon method.
  2. Move the pointer over your profile picture in the upper-right corner of the page and click Manage Virtual MFA Device.
  3. Find the MFA device that you want to unbind and click Delete in the Actions column.
  4. In the Delete Virtual MFA Device message, click OK.