Configuring Multi-Factor Authentication

Multi-factor authentication (MFA) in Veeam Backup for AWS is based on the Time-based One-Time Password (TOTP) method that requires users to verify their identity by providing a temporary six-digit code sent by an authentication application to a trusted device.


You cannot enable MFA for a user account whose user identity was obtained from an identity provider.

Enabling MFA

To enable MFA for a user account, do the following:

  1. Switch to the Configuration page.
  1. Navigate to Accounts > Portal Users.
  1. Select the user account and click Enable MFA.
  2. Follow the instructions provided in the MFA Settings window:
  1. Install an authentication application on a trusted device.


Only Google Authenticator is fully supported by Veeam Backup for AWS.

  1. To associate the authentication application with the authorization server, scan the displayed QR code using the camera of the trusted device.
  2. Enter a verification code generated by the authentication application.
  3. Click Apply.

Enabling MFA Settings

Disabling MFA

To disable MFA for a user account, select the account on the Portal Users tab and click Disable MFA.