I want to enable mfa on my account so that my users are forced to have mfa active, how do I do that?
Please see this.
if the user is not IAM does he have to enter in another way? (SAML, Active directory…)
What do you mean “enter in another way”?
sorry, this was a misinterpretation on my part. I now understand how the process works if the user is a user linked to IAM.
As he logs in with aws he has to enable MFA.
How can you do that? i still not understand how it works.
Is the process : Log in AWS console with MFA, then click to quicksight ?
Or login directly to quicksight using URL https://quicksight.aws.amazon.com/ ?
I’ve successfully accomplished the task, my friend! Here’s a brief rundown: Firstly, create a user in IAM, ensuring that they have no CLI access and are not assigned any read-only policies. The only permission they should have is the ability to change passwords and manage multi-factor authentication (MFA) settings. Next, it’s essential to activate MFA for this user, which may require their assistance. Following this, proceed to QuickSight and input the same username as the one you’ve established in IAM. Within QuickSight, you’ll find an option to designate whether the user is an IAM user. Select this option, and you’re all set.
Is there a way to enable MFA for quicksight users without creating an IAM user? I want to be able to register users with Identity-type “quicksight” and enable MFA for them.
Either through console : Managing access for QuickSight and IAM users - Amazon QuickSight or with the API : register_user - Boto3 1.28.1 documentation