Contact UsTry it for free
© 2025 Direct Cursus Technology L.L.C.

Activating or deactivating an MFA policy

Written by
Updated at November 29, 2025

Note

This feature is at the Preview stage.

Activating an MFA policy

To activate an inactive MFA policy:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Security settings.
  3. Navigate to the MFA policies tab.
  4. In the MFA policy list, click in the policy row and select Activate.
  5. In the window that opens, confirm the operation.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for activating an MFA policy:

    yc organization-manager mfa-enforcement activate --help

  2. To activate an MFA policy, run this command:

    yc organization-manager mfa-enforcement activate \
  --id <policy_ID>

    Where --id is the ID of the MFA policy you need to activate.

As a result, the MFA policy will be activated and switch to the Active status, and users with accounts added to the policy's target groups will be required to use an additional authentication factor.

Deactivating an MFA policy

To temporarily deactivate an MFA policy:

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Security settings.
  3. Navigate to the MFA policies tab.
  4. In the MFA policy list, click in the policy row and select Suspend.
  5. In the window that opens, confirm the operation.

  1. See the description of the CLI command for deactivating an MFA policy:

    yc organization-manager mfa-enforcement deactivate --help

  2. To deactivate an MFA policy, run this command:

    yc organization-manager mfa-enforcement deactivate \
  --id <policy_ID>

    Where --id is the ID of the MFA policy you need to deactivate.

As a result, the MFA policy will be deactivated and switch to the Inactive status, while users whose accounts belong to the policy's target groups will no longer be required to use an additional authentication factor.

See also

Previous
Updating an MFA policy
Next
Deleting an MFA policy