How to setup SSO mfa device
MFA can be configured by following the steps below:
After you login using aws access portal URL(client_id.awsapps.com/start/#/), on the upper right corner choose on the drop down menu next to the username
Choose Register device
Choose one of the options of registering a device. Usually it’s authenticator app, or a built-in authenticator if your device supports it.
If you choose authenticator app(the usual choice) you will be forwarded to the following page
Scan the QR code with your app and input the code from the application.
You will be asked for the MFA code on the next login.
Notes:
If you don’t have an MFA device configured, and the administrator has enabled login only with MFA devices, you will be forwarded to the step 4 at the next login attempt. Register the MFA device by following the instructions.
For a list of authenticator apps check this URL: https://docs.aws.amazon.com/singlesignon/latest/userguide/mfa-types.html#mfa-types-apps?icmpid=docs_sso_user_portal
Some common ones are google authenticator, microsoft authenticator, 1password, etc.