Automating the MFA Device Activation for IAM Users

amazon-web-services amazon-iam

Solution 1:

My solution to this is a two step activation process for new users:

  1. Create the user with enough rights to change their password and update their MFA. Tell them they need to update their MFA. They do not get into their 'real' groups yet.
  2. Have a polling script that runs periodically. If a user has their MFA activated, they get added to their designated groups.

Users who don't update their MFA will be able to do... nothing. When they complain, send them the reminder of how to update their MFA. When they come back with OK, I've done it, run the #2 script.

Related

Looking to replace Ghost with FSArchiver or Clonezilla, few questions about capabilities
How do you autostart a KVM VM with virt-manager? [duplicate]
Is there a way to keep ClamAV updated on Debian 8?
Mongoose - Create document if not exists, otherwise, update- return document in either case
Error: Couldn't find preset "es2015" relative to directory "/Users/username"
How to include a config file in the "META-INF/services" folder of a JAR using Maven
How to enable core dump in my Linux C++ program [duplicate]
How can I get the name of the command called for usage prompts in Ruby?
Safest way to run BAT file from Powershell script
Spring Boot: Overriding favicon
TypeScript Import Path Alias
Best method to set different layout for different pages in angular 4