Toggling two-factor authentication for a tenant


  • When enabling two-factor authentication, all users accounts in configured tenant will be required to set up two-factor authentication. This will make them unable to log in until they set it up.

  • For Unit tenants, two-factor authentication setting is inherited from the parent tenant.

  1. Authenticate to the cloud platform via the Python shell.

    The following variables should be available now:

    >>> base_url  # the base URL of the API
    >>> auth  # the 'Authorization' header value with the access token
    {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
    >>> tenant_id  # the UUID of the tenant to which the token provides access
  2. Assign either of the following values to the tenant_id variable – the UUID of a sub-tenant created via the API or a sub-tenant found by its name:

    >>> tenant_id = created_tenant_id
    >>> tenant_id
  3. Define a variable named mfa_status, and then assign an object with the enabled key containing desired status of two-factor authentication to this variable:

    >>> mfa_status = {
    ...     'enabled': True
    ... }
  4. Convert the mfa_status object to a JSON text:

    >>> mfa_status = json.dumps(mfa_status, indent=4)
    >>> print(mfa_status)
        "enabled": true
  5. Send a PUT request with the JSON text to the /tenants/{tenant_id}/mfa/status endpoint:

    >>> response = requests.put(
    ...     f'{base_url}/tenants/{tenant_id}/mfa/status',
    ...     headers={'Content-Type': 'application/json', **auth},
    ...     data=mfa_status,
    ... )
  6. Check the status code of the response:

    >>> response.status_code

    Status code 200 means that the platform has changed the status of two-factor authentication for the tenant.

    A different status code means that an error has occurred. For the details, refer to “Status and error codes”.

    Also, the response body contains the information about the status of the two-factor authentication formatted as a JSON text. When converted to an object, it will look as follows:

    >>> pprint.pprint(response.json())
        "mfa_status": "enabled",
        "users_with_totp_enabled_count": 0,
        "users_count": 1,
        "update_allowed": true