All Products
Search

This Product

    CloudSSO:GetMFAAuthenticationSettingInfo

    Document Center

    CloudSSO:GetMFAAuthenticationSettingInfo

    Last Updated:Jun 14, 2024

    Queries the multi-factor authentication (MFA) setting of all users.

    Operation description

    If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.

    This topic provides an example on how to query the MFA setting of all CloudSSO users that belong to the directory named 00q8wbq42wiltcrk****.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

    Authorization information

    There is currently no authorization information disclosed in the API.

    Request parameters

    ParameterTypeRequiredDescriptionExample
    DirectoryIdstringYes

    The ID of the directory.

    		u-00q8wbq42wiltcrk****

    Response parameters

    ParameterTypeDescriptionExample
    object

    The response parameters.

    RequestIdstring

    The ID of the request.

    		95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E
    MFAAuthenticationSettingInfoobject

    The MFA setting of all users.

    MfaAuthenticationAdvanceSettingsstring

    The MFA policy of all users. Valid values:

    • Enabled: MFA is enabled for all users.
    • Byuser: User-specific settings are applied. For more information about how to configure MFA for a single user, see UpdateUserMFAAuthenticationSettings .
    • Disabled: MFA is disabled for all users.
    • OnlyRiskyLogin: MFA is required only for unusual logons.
    		OnlyRiskyLogin
    OperationForRiskLoginstring

    The MFA policy for unusual logons. Valid values:

    • Autonomous: MFA is prompted for users who initiated unusual logons. However, the users are allowed to skip MFA. If an MFA device is bound to a user who initiated an unusual logon, the user must pass MFA.
    • EnforceVerify: MFA is required. If no MFA devices are bound to a user who initiated an unusual logon, the user must bind an MFA device. If an MFA device is already bound to a user who initiated an unusual logon, the user must pass MFA.
    Note This parameter is displayed only when Byuser or OnlyRiskyLogin is returned for the MfaAuthenticationAdvanceSettings parameter.
    		EnforceVerify

    Examples

    Sample success responses

    JSONformat

    {
  "RequestId": "95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E",
  "MFAAuthenticationSettingInfo": {
    "MfaAuthenticationAdvanceSettings": "OnlyRiskyLogin",
    "OperationForRiskLogin": "EnforceVerify"
  }
}

    Error codes

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    No change history