To use a HashiCorp Enterprise product, you need a valid HashiCorp license. The license determines which Vault Enterprise features are enabled, such as Replication, Namespaces, and MFA.
You can learn more about Enterprise features here.
If your license does not include a feature and you try to use that feature, the request fails with a Code: 401 error and the message "Feature Not Enabled".
In the example below, a user is trying to enable MFA, but their license does not include that:
$ vault write sys/mfa/method/okta/my_okta \
    mount_accessor=auth_okta_0g7fg65k1 \
    org_name="orgname22" \
    api_token="00U3Ai047hnfe8ef7roMWSgBE0I31CXl3dcF5E"
Error writing data to sys/mfa/method/okta/my_okta: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/sys/mfa/method/okta/my_okta
Code: 401. Errors:
* 1 error occurred:
    * Feature Not Enabled
To check your license:
$ vault read sys/license/status
Key                   Value
---                   -----
autoloaded            map[expiration_time:2023-03-29T00:00:00Z features:[DR Replication Namespaces Lease Count Quotas Automated Snapshots] license_id:ID performance_standby_count:0 start_time:2022-03-30T00:00:00Z]
autoloading_used      true
persisted_autoload    map[expiration_time:2023-03-29T00:00:00Z features:[DR Replication Namespaces Lease Count Quotas Automated Snapshots] license_id:ID performance_standby_count:0 start_time:2022-03-30T00:00:00Z]
As you can see above, the MFA feature is not included in the license.
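The same check can be scripted before a feature is enabled. The following is an added example, not HashiCorp's code: it assumes the JSON from "vault read -format=json sys/license/status" carries the same keys as the table above under "data", with features as a list of names. The names check_license and SAMPLE_STATUS are hypothetical, and the sample document is constructed from the license shown above.

```python
import json
from datetime import datetime, timezone

# Constructed sample: assumed shape of `vault read -format=json sys/license/status`,
# filled with the values of the license shown above (which lacks MFA).
SAMPLE_STATUS = json.dumps({
    "data": {
        "autoloaded": {
            "expiration_time": "2023-03-29T00:00:00Z",
            "features": ["DR Replication", "Namespaces", "Lease Count Quotas",
                         "Automated Snapshots"],
            "license_id": "ID",
            "performance_standby_count": 0,
            "start_time": "2022-03-30T00:00:00Z",
        },
        "autoloading_used": True,
    }
})


def check_license(status_json, required, now=None):
    """Return a list of problems; an empty list means the license covers `required`."""
    now = now or datetime.now(timezone.utc)
    data = json.loads(status_json).get("data") or {}
    # Prefer the autoloaded license; fall back to the persisted copy.
    lic = data.get("autoloaded") or data.get("persisted_autoload")
    if not lic:
        return ["no license block in response"]
    problems = []
    # Timestamps end in "Z"; spell it as +00:00 so older Pythons can parse it.
    expires = datetime.fromisoformat(lic["expiration_time"].replace("Z", "+00:00"))
    if expires <= now:
        problems.append(f"license expired at {lic['expiration_time']}")
    # Compare whole feature names: "Replication" must not match "DR Replication".
    have = {f.casefold() for f in lic.get("features", [])}
    for feature in required:
        if feature.casefold() not in have:
            problems.append(f"feature not in license: {feature}")
    return problems


if __name__ == "__main__":
    at = datetime(2022, 6, 1, tzinfo=timezone.utc)  # constructed "current" date
    for problem in check_license(SAMPLE_STATUS, ["MFA", "Namespaces"], now=at):
        print(problem)
```

Reading the JSON form matters here because the table output separates feature names with spaces, so multi-word names such as "DR Replication" cannot be split reliably from it.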
Here is another example of a license with more features enabled (including MFA):
$ vault read sys/license/status
Key                   Value
---                   -----
autoloaded            map[expiration_time:2027-12-01T00:00:00Z features:[HSM Performance Replication DR Replication MFA Sentinel Seal Wrapping Control Groups Performance Standby Namespaces KMIP Entropy Augmentation Transform Secrets Engine Lease Count Quotas Key Management Secrets Engine Automated Snapshots Key Management Transparent Data Encryption] license_id:ID performance_standby_count:9999 start_time:2021-12-01T00:00:00Z]
autoloading_used      true
persisted_autoload    map[expiration_time:2027-12-01T00:00:00Z features:[HSM Performance Replication DR Replication MFA Sentinel Seal Wrapping Control Groups Performance Standby Namespaces KMIP Entropy Augmentation Transform Secrets Engine Lease Count Quotas Key Management Secrets Engine Automated Snapshots Key Management Transparent Data Encryption] license_id:ID performance_standby_count:9999 start_time:2021-12-01T00:00:00Z]
With the above license, you will be able to use MFA:
$ vault write sys/mfa/method/okta/my_okta \
    mount_accessor=auth_okta_0g7fg65k1 \
    org_name="orgname22" \
    api_token="00U3Ai047hnfe8ef7roMWSgBE0I31CXl3dcF5E"
Success! Data written to: sys/mfa/method/okta/my_okta
If a feature you need is missing from your license, first make sure that the feature is included with your Vault package. You can view the different Vault Packaging here.
If you have the right package but you don't see the feature added to your license, then contact your Customer Success Manager or Account Owner so they can provide you with an updated license that contains that feature.