All Products
Search
Document Center

Cloud Config:Check whether multi-factor authentication is enabled for RAM user logons

Last Updated:Jun 17, 2026

Checks whether multi-factor authentication (MFA) is enabled for Resource Access Management (RAM) user logons. RAM users without MFA enabled are evaluated as non-compliant.

Scenarios

In enterprise security management, verifying MFA for RAM user logons ensures that only users who pass strict identity verification can perform critical operations and access sensitive data, reducing the risk of unauthorized access.

Risk level

Default risk level: High.

You can change the risk level as needed.

Detection logic

The rule checks whether MFA is enabled for RAM user logons. RAM users without MFA enabled are evaluated as non-compliant.

Rule details

Parameter

Description

Rule name

Check whether MFA is enabled for RAM user logons

Rule identifier

ram-user-mfa-check-v2

Automatic remediation

Not supported

Trigger type

Configuration changes

Supported resource types

ACS::RAM::User

Input parameters

None

Remediation

To enable MFA for a RAM user, see Attach an MFA device to a RAM user.