In AWS IAM, how to require Virtual MFA for users without physical access to their smart phones?

267 views Asked by At

When creating a new user in AWS IAM using web console, for a person that is remote (say, in another country, where the Administrator has no practical access to the new User's smartphone), how can the user account be created so that Virtual MFA is required?

Requiring Virtual MFA is easy when the smartphone is present at the time & place the User Account is created (scan the barcode in the Virtual MFA, then enter two consecutive codes), but it's unclear how this works when the device is not proximate to the Administrator.

  • Does the MFA "Secret Key" have anything to do with this use case?

REGRETS in advance prior to posting this question, I did RTM, yet I am unable to find a clear answer.

2

There are 2 answers

1
Kannaiyan On

This is how I solved it,

Send the QR Code as image to the user. Ask the user to send two consecutive codes from their smart phone.

Enter then into your IAM configuration. All Set and good to go.

0
Ashan On

While creating IAM users, you can enable your users to configure their own credentials and MFA settings.

For step by step guidance, refer this tutorial from AWS.