Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
In the navigation pane, choose Users.
In the User Name list, choose the name of the intended MFA user, e.g. support
Choose the Security credentials tab.
Choose Manage next to Assigned MFA device. A popup windows as below will be prompted:
Select the option "Virtual MFA device", then click the Continue button
Click "Show QR code"
Keep the above popup window open, and do NOT click any button.
Then, follow the instruction below to program your SafeID token with the QR code
Click the Scan QR Code button
Select Scan Screen.
If succeeded, the Seed box should be filled with the token's seed data.
Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"
Press the Connect button
Now, switch on a SafeID token and place it on the reader.
The tool will read out the token's serial number and time, and display them:
Switch off the token and switch it on again to generate a new code
After you have successfully programmed the token with the QR code, you can return to the popup window.
Use the SafeID/Diamond token that you just programmed to generate 2 passcodes, then enter the passcodes in the above window in the MFA code 1 and MFA code 2 entries
Click the "Assign MFA" button.
If both the MFA code 1 and 2 are correct, then you have completed the setup