HOWTO: Setup your AWS Multi-Factor Authentication (MFA) using Okta

Mass General Brigham Researchers with existing Amazon Web Services (AWS) accounts must migrate to the MGB AWS Research Control Tower. New requests may also be submitted. 

All access to AWS must be in accordance with MGB Enterprise Security Standards for Cloud-Based Solutions. All access should be through the standard MGB login process, OKTA Single sign-on (SSO), to keep your account secure. See INFO: MGB AWS Research Control Tower Login Process for details. If you are not using SSO, please follow these instructions to enable Multi-Factor Authentication (MFA) with OKTA for your AWS account. 

1. In order to enable Multi-Factor Authentication, you need to log in to AWS account as the root user. Visit and select the log back in button and proceed with your root account login.

2. Choose your account name from the navigation bar on the top right, and then select Security "Security Credentials"

3. Select/Activate MFA Authentication

Click Continue

Open Okta and Scan the bar code presented on the screen.


4. In the Manage MFA Device wizard, in the MFA Code 1 box, enter the six-digit number that's currently displayed by Okta. Wait up to 30 seconds for the device to generate a new number, and then type the new six-digit number into the MFA Code 2 box.

5. Choose Assign MFA, and then choose Finish.


Go to KB0039326 in the IS Service Desk

Related articles