All Products
Search
Document Center

Resource Access Management:Unbind an MFA device from a RAM user

Last Updated:Jan 03, 2025

If you no longer require implementing multi-factor authentication (MFA) on a Resource Access Management (RAM) user, or you want to change the MFA device or MFA method for a RAM user, you can unbind the MFA device from the RAM user.

Note

This topic describes how to unbind an MFA device from a RAM user. If MFA is still required after an MFA device is unbound from a RAM user, the RAM user must bind an MFA device upon the next logon. We recommend that you do not disable MFA for RAM users. If you want to disable MFA for RAM users, you must modify the security settings or console logon settings of RAM users. For more information, see How do I disable MFA for RAM users when they log on to the Alibaba Cloud Management Console?

Warning

After you unbind the MFA device from the RAM user, the RAM user cannot use the MFA device for identity authentication. This compromises account security.

Unbind a virtual MFA device

Unbind a virtual MFA device in the RAM console

You can use an Alibaba Cloud account or a RAM user who has administrative rights to unbind a virtual MFA from a RAM user in the RAM console.

  1. Log on to the RAM console with an Alibaba Cloud account or a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Identities > Users.

  3. In the User Logon Name/Display Name column, click the username of the RAM user that you want to manage.

  4. In the Security Information Management section of the Authentication tab, click Unbind next to MFA Device.

    image

Unbind a virtual MFA device on the Security page

If RAM users are allowed to manage their MFA devices, the RAM users can perform the following operations to unbind their virtual MFA devices. For more information about how to allow RAM users to manage their MFA devices, see Global security settings.

  1. On the RAM User Logon page, enter the username and password of a RAM user and perform the operations required for logon.

  2. Move the pointer over the profile picture in the upper-right corner and click Security Information.

    image

  3. In the MFA Information section of the Security page, click Unbind next to MFA Device.

    image

  4. In the Auth Virtual MFA Device dialog box, enter the verification code and click OK.

Unbind a U2F security key

Unbind a U2F security key in the RAM console

You can use an Alibaba Cloud account or a RAM user who has administrative rights to unbind a Universal 2nd Factor (U2F) security key from a RAM user in the RAM console.

  1. Log on to the RAM console with an Alibaba Cloud account or a RAM user who has administrative rights.

  2. In the left-side navigation pane, choose Identities > Users.

  3. In the User Logon Name/Display Name column, click the username of the RAM user that you want to manage.

  4. In the Security Information Management section of the Authentication tab, click Unbind next to MFA Device.

Unbind a U2F security key on the Security page

If RAM users are allowed to manage their MFA devices, the RAM users can perform the following operations to unbind their U2F security keys. For more information about how to allow RAM users to manage their MFA devices, see Global security settings.

  1. On the RAM User Logon page, enter the username and password of a RAM user and perform the operations required for logon.

  2. Move the pointer over the profile picture in the upper-right corner and click Security Information.

    image

  3. In the MFA Information section of the Security page, click Unbind next to MFA Device.

References