When multi-factor authentication (MFA) is enforced, all users in your Organization will be required to provide a six-digit authentication code in addition to their login credentials. To provide the code, they must register an MFA device with VMware Cloud Services. Organization users who fail to provide a valid MFA code will be denied access to the Organization.

If you are an Organization Owner of a federated domain, you do not control MFA for your Organization. MFA for federated domains is configured by an Enterprise Administrator on the identity provider that your company is using. This procedure applies only to non-federated domains.


  • You must have an Organization Owner role in the Organization.
  • You must have registered an MFA device with VMware Cloud Services so that you don't lock yourself out of the Organization after enforcing MFA. For detailed instructions, refer to How do I secure my account using multi-factor authentication.


  1. Log in to Cloud Services Console and click Organization > Authentication Policy.
  2. In the Multi-factor authentication section, click the toggle button so its color changes to green.


MFA is now enforced and all users of your Organization will be required to register an MFA device and provide an MFA token at login.
Note: It might take up to 30 minutes for the policy to take effect in your Organization.