Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Use EnableMfaDevice with a CLI

Focus mode
Use EnableMfaDevice with a CLI - AWS Identity and Access Management

The following code examples show how to use EnableMfaDevice.

CLI
AWS CLI

To enable an MFA device

After you use the create-virtual-mfa-device command to create a new virtual MFA device, you can assign the MFA device to a user. The following enable-mfa-device example assigns the MFA device with the serial number arn:aws:iam::210987654321:mfa/BobsMFADevice to the user Bob. The command also synchronizes the device with AWS by including the first two codes in sequence from the virtual MFA device.

aws iam enable-mfa-device \ --user-name Bob \ --serial-number arn:aws:iam::210987654321:mfa/BobsMFADevice \ --authentication-code1 123456 \ --authentication-code2 789012

This command produces no output.

For more information, see Enabling a virtual multi-factor authentication (MFA) device in the AWS IAM User Guide.

PowerShell
Tools for PowerShell

Example 1: This command enables the hardware MFA device with the serial number 987654321098 and associates the device with the user Bob. It includes the first two codes in sequence from the device.

Enable-IAMMFADevice -UserName "Bob" -SerialNumber "987654321098" -AuthenticationCode1 "12345678" -AuthenticationCode2 "87654321"

Example 2: This example creates and enables a virtual MFA device. The first command creates the virtual device and returns the device's object representation in the variable $MFADevice. You can use the .Base32StringSeed or QRCodePng properties to configure the user's software application. The final command assigns the device to the user David, identifying the device by its serial number. The command also synchronizes the device with AWS by including the first two codes in sequence from the virtual MFA device.

$MFADevice = New-IAMVirtualMFADevice -VirtualMFADeviceName "MyMFADevice" # see example for New-IAMVirtualMFADevice to see how to configure the software program with PNG or base32 seed code Enable-IAMMFADevice -UserName "David" -SerialNumber -SerialNumber $MFADevice.SerialNumber -AuthenticationCode1 "24681357" -AuthenticationCode2 "13572468"
  • For API details, see EnableMfaDevice in AWS Tools for PowerShell Cmdlet Reference.

AWS CLI

To enable an MFA device

After you use the create-virtual-mfa-device command to create a new virtual MFA device, you can assign the MFA device to a user. The following enable-mfa-device example assigns the MFA device with the serial number arn:aws:iam::210987654321:mfa/BobsMFADevice to the user Bob. The command also synchronizes the device with AWS by including the first two codes in sequence from the virtual MFA device.

aws iam enable-mfa-device \ --user-name Bob \ --serial-number arn:aws:iam::210987654321:mfa/BobsMFADevice \ --authentication-code1 123456 \ --authentication-code2 789012

This command produces no output.

For more information, see Enabling a virtual multi-factor authentication (MFA) device in the AWS IAM User Guide.

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.