Sign in to the AWS Management Console and open the IAM console at

In the navigation pane, choose Users.

In the User Name list, choose the name of the intended MFA user, e.g. support

Choose the Security credentials tab.

Choose Manage next to Assigned MFA device. A popup windows as below will be prompted:

Select the option "Virtual MFA device", then click the Continue button

Click "Show QR code" 

Keep the above popup window open, and do NOT click any button.

Then, follow the instruction below to program your SafeID token with the QR code

To program a SafeID/Diamond token with a QR code, launch the SafeID/Diamond programming tool. 

Click the Scan QR Code button

Select Scan Screen.

If succeeded, the Seed box should be filled with the token's seed data.

Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"

Press the Connect button

Now, switch on a SafeID token and place it on the reader. 

The tool will read out the token's serial number and time, and display them:

Press the Burn button

The token is successfully programmed.

Switch off the token and switch it on again to generate a new code

After you have successfully programmed the token with the QR code, you can return to the popup window.

Use the SafeID/Diamond token that you just programmed to generate 2 passcodes, then enter the passcodes in the above window in the MFA code 1 and MFA code 2 entries

Click the "Assign MFA" button. 

If both the MFA code 1 and 2 are correct, then you have completed the setup

Related Articles