Multi-factor authentication (AD Connector) for WorkSpaces Personal
You can enable multi-factor authentication (MFA) for your AD Connector directory. For more information about using multi-factor authentication with AWS Directory Service, see Enable multi-factor authentication for AD Connector and AD Connector prerequisites.
Note
- 
                  Your RADIUS server can either be hosted by AWS or it can be on-premises. 
- 
                  The usernames must match between Active Directory and your RADIUS server. 
To enable multi-factor authentication
- Open the WorkSpaces console at https://console.aws.amazon.com/workspaces/v2/home - . 
- 
               In the navigation pane, choose Directories. 
- 
               Select your directory and then choose Actions, Update Details. 
- 
               Expand Multi-Factor Authentication and then select Enable Multi-Factor Authentication. 
- 
               For RADIUS server IP address(es), type the IP addresses of your RADIUS server endpoints separated by commas, or type the IP address of your RADIUS server load balancer. 
- 
               For Port, type the port that your RADIUS server is using for communications. Your on-premises network must allow inbound traffic over the default RADIUS server port (UDP:1812) from AD Connector. 
- 
               For Shared secret code and Confirm shared secret code, type the shared secret code for your RADIUS server. 
- 
               For Protocol, choose the protocol for your RADIUS server. 
- 
               For Server timeout, type the time, in seconds, to wait for the RADIUS server to respond. This value must be between 1 and 50. 
- 
               For Max retries, type the number of times to attempt communication with the RADIUS server. This value must be between 0 and 10. 
- 
               Choose Update and Exit. 
Multi-factor authentication is available when RADIUS status is Enabled. While multi-factor authentication is being set up, users cannot log in to their WorkSpaces.