Two-factor authentication in the public cloud

Last update: June 04 2025

Two-factor authentication in the public cloud

VMware Cloud Director® supports two authentication methods — through the local user base and through SAML single sign-on (SSO) technology.

You can connect two-factor authentication using any service. With Multifactor you can connect two-factor authentication via SSO for individual users. Local authentication will work in parallel. In Cloud Director, the user base with local access and access via SSO will be shared.

Connect two-factor authentication via Multifactor⁠

1. Install Multifactor.
2. Create a SAML application.
3. Configure the SAML application.
4. Add users.

1. Install Multifactor⁠

1. Register in the Multifactor control panel.
2. Install the Multifactor mobile app.

2. Create a SAML application⁠

1. In the Multifactor control panel, go to Resources.
2. Click Add Resource.
3. In the Site block, select SAML application.
4. Enter the name of the resource.
5. Select an account provider.
6. If you selected Active Directory, enter the portal address.
7. Optional: To automatically create a user in Multifactor when the user is first authorized in Cloud Director, enable the Register new users toggle switch.
8. Optional: To have the system require the user to configure 2FA on their own and prevent them from logging in to Cloud Director without it, check the Enable Self-Configuration/Deny Access checkbox.
9. Click Save.
10. On the SAML Application page, in the Multifactor Metadata block, download the SAML Application metadata file.

3. Customize SAML application⁠

1. From the Control Panel, open the Cloud Director panel: VMware-based Cloud → Cloud Director.

2. Open the Administration tab.

3. Go to Identity Providers → SAML.

4. Click Configure.

5. Open the Service Provider tab.

6. In the Entity ID field, paste the address of your cloud:

   • Moscow - https://vcd-msk.selectel.ru/tenant/<s-xxxx>/
   • St. Petersburg — https://vcd.selectel.ru/tenant/<s-xxxx>/

   Specify <s-xxxx> — the name of the organization, can be viewed in the address bar of Cloud Director or in the Control Panel under VMware-based Cloud in the list of organizations.

7. Open the Identity Provider tab.

8. Enable the Use SAML Identity Provider toggle switch.

9. Upload the SAML application metadata file.

10. Click Save.

11. Open the Service Provider tab.

12. In the Service Provider Metadata field, click Retrieve Metadata. The metadata file is downloaded to your device.

13. In the Multifactor control panel, go to Resources.

14. In the SAML application line, click Options.

15. In the Service Provider block, click Upload Metadata and upload the file.

4. Add users⁠

1. From the Control Panel, open the Cloud Director panel: VMware-based Cloud → Cloud Director.
2. Open the Administration tab.
3. Go to Access Control → Users.
4. Click Import Users.
5. Enter the logins of users who will be able to connect through SSO.
6. Select the role that will be assigned to users.
7. Click Save.

Sign in with two-factor authentication⁠

1. From the Control Panel, open the Cloud Director panel: VMware-based Cloud → Cloud Director.
2. In the upper right corner under , click Log out.
3. The Selectel vCloud Director Logout Page opens.
4. Click Login with Single Sign On.
5. Log in with your vendor account.
6. A one-time code will be sent to the Multifactor app.
7. Enter code.