Adding SecurID (hard token) MFA to root account

Question

Is there a way to add a RSA SecurID hard token MFA to the root account? I've tried going through documentation with no luck. Whenever I try to add it I get the following error and have ensured everything is typed in correctly.

Enter image description here

![Enter image description here](/media/postImages/original/IM3XADzVabQOmle7leTf5kWw)

Answer

Please cross-check steps with [Enabling a hardware TOTP token (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html).

Additional resource that may help with a [solution for RSA](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html#:~:text=SAML%2Dbased%20SSO.-,RSA,-RSA%20Link) as third-party SAML solution.

- Specifically, [Simplify Identity Access and Assurance Decisions on AWS with RSA SecurID and Session Tags](https://community.rsa.com/t5/securid-community-blog/simplify-identity-access-and-assurance-decisions-on-aws-with-rsa/ba-p/520960)

Answer

Hi  
As per the IAM guide [IAM/MFA](https://aws.amazon.com/iam/features/mfa/) the only hard tokens supported are Thales, as such RSA will not work.  
  
Only options are to go with software token or purchase a new token.

Hope this helps.

Answer

RSA SecurID token will not work, you will require FIDO certified security keys as mentioned in [AWS blog](https://aws.amazon.com/iam/features/mfa/). RSA [ID Plus: DS100 Authenticator](https://www.rsa.com/resources/datasheets/id-plus-ds100-authenticator/) is FIDO certified as mentioned in [FIDO certified product list](https://fidoalliance.org/certification/fido-certified-products/).

Adding SecurID (hard token) MFA to root account

Relevant content