A lesser known capability of the VMware Cloud Console is that we support a number of different authentication policies that can be configured to provide more secure access and/or restrict who can access the different VMware Cloud Services like VMware Cloud on AWS, vSphere+, vSAN+, VMware Cloud Foundation+ or ANY other VMware Cloud Service for that matter within your VMware Cloud Organizations(s)!
To configure the authentication policies, you will need to have the Organization Admin role and then click on "View Organization" under your user name and then navigate to Organization->Authentication Policy. In addition to configuring Multi-Factor Authentication (MFA), users also have the option of configuring IP Address Range (allow/deny rules) and Source Domain (allow) restriction policies as shown in the screenshots below.
For more details, please refer to the official VMware Cloud Services documentation on configuring these different authentication policies.
Lastly, you can also configure Enterprise Federation which allows you to login to the VMware Cloud Console using your desired identity provider, which is another frequently asked question.