VCF Operations for Networks does not natively generate or process Multi-Factor Authentication (MFA) challenges for local user accounts.

However, authentication can be federated to an external Identity Provider (IdP) capable of enforcing adaptive authentication policies.

VCF Operations for Networks

Authentication Architecture

• Identity Provider Integration: VCF Operations for Networks supports Single Sign-On (SSO) integration via VCF Identity Broker (formerly Workspace ONE Access / VMware Identity Manager) or supported enterprise SAML 2.0 Identity Providers (e.g., Azure AD, Okta).
  
  
• Policy Enforcement: The MFA challenge (e.g., TOTP, push notification, hardware token) is executed entirely by the external IdP.
  
  
• Token Exchange: Upon successful MFA validation at the IdP, a secure token is passed back to VCF Operations for Networks to grant access.

How to Implement:

• Please follow the documentation at Configure VMware Identity Manager  to authorize VMware Identity Manager users for accessing VMware VCF Operations for Networks features based on their roles.