Multi-Factor Authentication (or MFA) can improve security by requiring users to enter two forms of authentication instead of one.


Enabling MFA must be done at two levels:

  1. The Morro Data Account must have MFA enabled.
  2. Individual users must configure MFA for their user accounts.



Enabling MFA for the Morro Data Account

Enabling MFA for the Morro Data account makes the MFA option available to individual user accounts.


  1. Go to the Morro Cloud Manager as a Global or Business Administrator.
  2. In the upper right corner, click on the dropdown icon next to your username, then select Account.
  3. In this page, you will see the Multi-Factor Authentication section:

The MFA Policy Rule setting determines which users can use MFA.  The available settings are Disabled, BA, BA + GA, and All Users.


Select one or more methods to make available as the secondary authentication factor.  Please note that Security Code via SMS may not work with some mobile providers in China.


If "Force the specified users to add MFA" is enabled, users in the category set in the MFA Policy Rule setting will be required to configure MFA the next time they enter the MCM.



Enabling MFA for a User Account

Once MFA is enabled for the Morro Data Account, individual users can configure MFA for their user accounts.

  1. Go to the Morro Cloud Manager as a user or Administrator.
  2. In the upper right corner, click on the dropdown icon next to your username, then select Profile.
  3. MFA will be disabled by default.  Select the desired secondary authentication factor and more options will appear:



One-Time Password (Authenticator)


  1. Download an authenticator app (we recommend Google Authenticator) and scan the barcode.
  2. Enter the current token from the authenticator app into the "Enter token to verify" field and click Save.
  3. Log out from the MCM and log back in.  Verify that MFA is now enabled.


Security Question


  1. Enter your security question.
  2. Enter the answer to your security question.
  3. Click Save.
  4. Log out from the MCM and log back in.  Verify that MFA is now enabled.



Security Code via Email


  1. Enter a valid email address and click Save.
  2. Check the inbox for the email address provided.  You will receive an email with a verification code.  Enter the verification code in the "Enter verification code" field and click Save.
  3. Log out from the MCM and log back in.  Verify that MFA is now enabled.



Security Code via SMS


  1. Please note that Security Code via SMS may not work with some mobile providers in China.
  2. Enter your phone number using the format shown, then click Save.
  3. You will receive an SMS message with a verification code.  Enter the verification code in the "Enter verification code" field and click Save.
  4. Log out from the MCM and log back in.  Verify that MFA is now enabled.



Forcing Users to Configure MFA

If "Force the specified users to add MFA" is enabled, users will see the following screen the next time they login to MCM:



Disabling MFA for a User Account

MFA for a user account can be disabled in the Profile page:


An Administrator can also disable it for a user by going to the Team Page and selecting the user.  The Manage User page has a slider for disabling MFA.