All Products
Search

This Product

    CloudSSO:GetMFAAuthenticationSettingInfo

    Document Center

    CloudSSO:GetMFAAuthenticationSettingInfo

    Last Updated:Mar 17, 2023

    Queries the multi-factor authentication (MFA) setting of all users.

    Operation Description

    Description

    If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.

    This topic provides an example on how to query the MFA setting of all CloudSSO users that belong to the directory named 00q8wbq42wiltcrk****.

    Authorization information

    There is currently no authorization information disclosed in the API.

    Request parameters

    ParameterTypeRequiredDescriptionExample
    DirectoryIdstringNo

    The ID of the directory.

    		u-00q8wbq42wiltcrk****

    For more information about common request parameters, see Common parameters.

    Response parameters

    ParameterTypeDescriptionExample
    object
    RequestIdstring

    The ID of the request.

    		95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E
    MFAAuthenticationSettingInfoobject

    The MFA setting of all users.

    MfaAuthenticationAdvanceSettingsstring

    The MFA policy of all users. Valid value:

    • Enabled: MFA is enabled for all users.
    • Byuser: User-specific settings are applied. For more information about how to configure MFA for a single user, see UpdateUserMFAAuthenticationSettings.
    • Disabled: MFA is disabled for all users.
    • OnlyRiskyLogin: MFA is required only for unusual logons.
    		OnlyRiskyLogin
    OperationForRiskLoginstring

    The MFA policy for unusual logons. Valid values:

    • Autonomous: MFA is prompted for users who initiated unusual logons. However, the users are allowed to skip MFA. If an MFA device is bound to a user who initiated an unusual logon, the user must pass MFA.
    • EnforceVerify: MFA is required. If no MFA devices are bound to a user who initiated an unusual logon, the user must bind an MFA device. If an MFA device is already bound to a user who initiated an unusual logon, the user must pass MFA.
    NoteThis parameter is displayed only when Byuser or OnlyRiskyLogin is returned for the MfaAuthenticationAdvanceSettings parameter.
    		EnforceVerify

    Examples

    Sample success responses

    JSONformat

    {
  "RequestId": "95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E",
  "MFAAuthenticationSettingInfo": {
    "MfaAuthenticationAdvanceSettings": "OnlyRiskyLogin",
    "OperationForRiskLogin": "EnforceVerify"
  }
}

    Error codes

    For a list of error codes, visit the Service error codes.