This article explains whether Multi-Factor Authentication (MFA) is supported natively in Tanzu Kubernetes Guest Clusters and outlines available options for implementing MFA.

• VMware vSphere with Tanzu
• Supervisor 7
• Supervisor 8
• TKG Service

Guest Clusters do not provide native support for MFA. Authentication is handled externally and does not include built-in mechanisms for enforcing MFA.

To enable MFA for Guest Clusters, integration with an external identity provider is required. This can be achieved using tools such as Pinniped, which allows for secure authentication via identity providers that support MFA.

At this time, there are no plans to introduce native MFA support directly within the Guest Cluster architecture.