Two-factor authentication in the public cloud

VMware Cloud Director® supports two authentication methods: local user database and Single Sign-On (SSO) via the SAML protocol.

You can enable two-factor authentication using any service. With the Multifactor solution, you can enable two-factor authentication via SSO for individual users. Local authentication will work in parallel. In Cloud Director, the user database for local access and SSO access will be shared.

Enable two-factor authentication via Multifactor

  1. Order and configure Multifactor two-factor authentication.
  2. Create a SAML application.
  3. Configure the SAML application.
  4. Add users.

1. Order and configure Multifactor two-factor authentication

Follow the instructions in Order and configure Multifactor two-factor authentication.

2. Create a SAML application

  1. In the Multifactor control panel, go to Resources.
  2. Click Add resource.
  3. In the Site block, select SAML application.
  4. Enter the resource name.
  5. Select an identity provider.
  6. If you selected Active Directory, enter the portal address.
  7. Optional: to automatically create a user in Multifactor upon their first authorization in Cloud Director, enable the Register new users toggle.
  8. Optional: to require the user to self-configure 2FA and prevent authorization in Cloud Director without it, select the Enable self-configuration/Deny access checkbox.
  9. Click Save.
  10. On the SAML application page, in the Multifactor Metadata block, download the SAML application metadata file.

3. Configure the SAML application

  1. From the control panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.

  2. Open the Administration tab.

  3. Go to Identity Providers → SAML.

  4. Click Configure.

  5. Open the Service Provider tab.

  6. In the Entity ID field, paste your cloud address:

    • Moscow — https://vcd-msk.selectel.ru/tenant/<s-xxxx>/
    • Saint Petersburg — https://vcd.selectel.ru/tenant/<s-xxxx>/

    Replace <s-xxxx> with the organization name; you can view it in the Cloud Director address bar or in the control panel under Cloud powered by VMware in the list of organizations.

  7. Open the Identity Provider tab.

  8. Enable the Use SAML Identity Provider toggle.

  9. Upload the SAML application metadata file.

  10. Click Save.

  11. Open the Service Provider tab.

  12. In the Service Provider Metadata field, click Retrieve Metadata. The metadata file will be downloaded to your device.

  13. In the Multifactor control panel, go to Resources.

  14. In the row with the SAML application, click Settings.

  15. In the Service Provider block, click Upload metadata and upload the file.
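
A check you can run on the service provider metadata file from step 12 before uploading it to Multifactor in step 15, given as an added example that is not part of the original instructions or of either product. It assumes the assertion consumer (ACS) endpoints should be HTTPS on the same host as the Entity ID from step 6; the function name, the organization name s-0000 and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample standing in for the file from "Retrieve Metadata"; the
# org name s-0000 and the ACS path are placeholders, certificate body omitted.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://vcd.selectel.ru/tenant/s-0000/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vcd.selectel.ru/constructed/acs/path"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means the file is consistent."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    entity_id = root.get("entityID", "")
    if entity_id != expected_entity_id:
        problems.append(f"entityID {entity_id!r} != expected {expected_entity_id!r}")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor: not service provider metadata"]
    expected_host = urlparse(expected_entity_id).hostname
    acs_list = sp.findall(MD + "AssertionConsumerService")
    if not acs_list:
        problems.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        loc = urlparse(acs.get("Location", ""))
        if loc.scheme != "https":
            problems.append(f"ACS endpoint is not HTTPS: {acs.get('Location')}")
        if loc.hostname != expected_host:
            problems.append(f"ACS host {loc.hostname!r} differs from {expected_host!r}")
    keys = sp.findall(MD + "KeyDescriptor")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    if not any(k.get("use") in (None, "signing") for k in keys):
        problems.append("no signing KeyDescriptor")
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_SP_METADATA, "https://vcd.selectel.ru/tenant/s-0000/"))
```

An entityID mismatch here usually means the Entity ID field in step 6 was saved with a different region address or organization name than the one you expect.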

4. Add users

  1. From the control panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.
  2. Open the Administration tab.
  3. Go to Access Control → Users.
  4. Click Import Users.
  5. Enter the logins of the users who will be able to connect via SSO.
  6. Select the role to be assigned to the users.
  7. Click Save.

Log in with two-factor authentication

  1. From the control panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.
  2. In the top right corner, in the menu, select Log out.
  3. The Selectel vCloud Director Logout Page will open.
  4. Click Login with Single Sign On.
  5. Sign in with your provider account.
  6. A one-time code will be sent to the Multifactor application.
  7. Enter the code.