AWS Directory Service
Administration Guide (Version 1.0)

Multi-Factor Authentication

Multi-factor authentication (MFA) can be enabled for your Microsoft AD and AD Connector directories to help add an extra layer of protection on top of standard username and password authentication mechanisms. When MFA is enabled, users are required to enter an authentication code (the second factor) which is provided by your virtual or hardware MFA solution, in addition to entering their username and password (the first factor). These factors together provide additional security by preventing access to your Amazon Enterprise Applications, unless users supply a valid MFA code.

Supported Amazon Enterprise Applications

All Amazon Enterprise IT Applications including Amazon WorkSpaces, Amazon WorkDocs, Amazon WorkMail, Amazon QuickSight, and access to AWS Single Sign-On and AWS Management Console are supported when using Microsoft AD and AD Connector with MFA.

For information about how to configure basic user access to Amazon Enterprise Applications, AWS Single Sign-On and the AWS Management Console using AWS Directory Service, see Manage Access to AWS Applications and Services and Manage Access to the AWS Management Console.


Related AWS Security Blog Article