Skip to main content

Enable MFA for DW Users

You can enable Multi-Factor Authentication (MFA) for DW users in the DW service units you own by using Terraform scripts.

info

For more details about MFA, see Multi-Factor Authentication.

Prerequisites

Ensure that you are the owner of the target DW service unit. For details about how to create a DW service unit, see Create a DW Service Unit.

Ensure you have obtained the following information:

  • An API key

    How to obtain: Sign in to your Relyt console, choose API Keys from the top navigation bar, and click + API Key to create one.

  • The endpoint for accessing the DW service unit

    For details about how to check endpoints, see Query Endpoints.

Procedure

This section describes how to run a Terraform script to enable MFA for DW users in a DW service unit.

  1. Download the latest Terraform script and configure the needed parameters based on your actual situations.

    terraform {
      required_providers {
        relyt = {
          source = "relytcloud/relyt"
        }
      }
    }


    provider "relyt" {
      role     = "SYSTEMADMIN"
    }


    resource "relyt_dwsu_user_policy" "security_constraints" {
      dwsu_id             = <dwsu_id>
      mfa                 = "MANDATORY"
      reset_init_password = true
    }

    Field description:

    FieldDescription
    sourceThe name of the Relyt plugin. It is fixed to relytcloud/relyt.
    roleThe system role of your Relyt cloud account. It is fixed to SYSTEMADMIN.
    dwsu_idThe ID of the target DW service unit.
    mfaWhether to enable MFA for DW users in the target DW service unit. Possible values are MANDATORY and OPTIONAL. MANDATORY enforces MFA, while OPTIONAL allows it but does not require it.
    reset_init_passwordWhether to force DW users to reset their initial password upon login. true for yes and false for no.

  1. Run the following command to export the auth key.

    export RELYT_AUTH_KEY="<api_key>"

    Replace <api_key> with the API key you have obtained.

  2. Run the following command to initialize the Terraform working directory.

    terraform init

    The operation is successful when similar information appears as shown in the following picture.

  3. Run the following command to apply the module.

    terraform apply --target=module.relyt_dwsu_user_policy

  4. When information similar to the following is displayed, enter yes.