Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/


In the navigation pane, choose Users.


In the User Name list, choose the name of the intended MFA user, e.g. support


Choose the Security credentials tab.


Choose Manage next to Assigned MFA device. A popup windows as below will be prompted:


Select the option "Virtual MFA device", then click the Continue button


Click "Show QR code" 


Keep the above popup window open, and do NOT click any button.

Then, follow the instruction below to program your SafeID token with the QR code

 Click here to expand...

To program a SafeID/Diamond token with a QR code, launch the SafeID/Diamond programming tool


Click the Scan QR Code button


Select Scan Screen.

If succeeded, the Seed box should be filled with the token's seed data.


Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"


Press the Connect button


Now, switch on a SafeID token and place it on the reader. 

The tool will read out the token's serial number and time, and display them:


Press the Burn button


The token is successfully programmed.

Switch off the token and switch it on again to generate a new code

After you have successfully programmed the token with the QR code, you can return to the popup window.

Use the SafeID/Diamond token that you just programmed to generate 2 passcodes, then enter the passcodes in the above window in the MFA code 1 and MFA code 2 entries


Click the "Assign MFA" button. 

If both the MFA code 1 and 2 are correct, then you have completed the setup