All Products
Document Center

OpenSearch:How do I enable MFA in OpenSearch?

Last Updated:Sep 15, 2021

Background information

The new version of the OpenSearch console can be accessed from an internal network or the Internet. To reduce risks and improve the security of your application, verification codes are required before you modify the configurations of your application. For example, if you want to perform offline changes or modify intervention dictionaries, verification codes are required.

If multiple users share an account, we recommend that you enable multi-factor authentication (MFA). You can enable MFA on the following page:

After MFA is enabled, you can perform two-factor authentication, as shown in the following figure.1

The following sections describe MFA and show you how to enable and disable MFA.

MFA overview

MFA is a simple and effective authentication method that adds an extra layer of security in addition to the username and password.

After MFA is enabled, to log on to an Alibaba Cloud website, you must first enter the username and password and then the verification code that is dynamically generated by the MFA device. The username and password serve as the first security factor. The verification code serves as the second security factor. Two-factor authentication can better secure your account.

Hardware- or software-based MFA devices are supported. You can use virtual MFA devices that are software-based to log on to the Alibaba Cloud official website.

You can use the Alibaba Cloud app. To download the Alibaba Cloud app, visit the Alibaba Cloud official website and scan the QR code.

The following table describes the MFA applications for various smartphones.

Phone type

MFA application


Google Authenticator. We recommend that you download this application from mainstream application stores.


Google Authenticator.

Windows Phone

Microsoft Authenticator.


Google Authenticator.

Enable MFA

For more information, see

Disable MFA

For more information, see