diff --git a/apps/assets/api/system_user.py b/apps/assets/api/system_user.py
index 5bf38853d..db0751343 100644
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -14,11 +14,12 @@
 # limitations under the License.
 from django.shortcuts import get_object_or_404
+from django.conf import settings
 from rest_framework.response import Response
 from common.serializers import CeleryTaskSerializer
 from common.utils import get_logger
-from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, NeedMFAVerify
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
 from ..models import SystemUser, Asset
@@ -72,6 +73,11 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView):
 permission_classes = (IsOrgAdminOrAppUser,)
 serializer_class = serializers.SystemUserAuthSerializer
+ def get_permissions(self):
+ if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+ self.permission_classes = (IsOrgAdminOrAppUser, NeedMFAVerify)
+ return super().get_permissions()
+
 def get_object(self):
 instance = super().get_object()
 aid = self.kwargs.get('aid')
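Review bot: In `get_permissions`, the MFA branch re-lists `IsOrgAdminOrAppUser` and overwrites `self.permission_classes` instead of extending what the class declares, so a later edit to the class-level `permission_classes` would silently not apply whenever `SECURITY_VIEW_AUTH_NEED_MFA` is on. Appending to the resolved list keeps a single source of truth: `perms = super().get_permissions()`, then `if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA: perms.append(NeedMFAVerify())`, then `return perms`. `NeedMFAVerify` is defined outside this diff, so it is worth confirming how it treats the app-user callers that `IsOrgAdminOrAppUser` admits, since a non-interactive component presumably cannot complete an MFA prompt. A short comment such as `# auth-info endpoint: require a recent MFA check when the setting is enabled` would record why this view overrides the hook. The class body starts before and continues past the hunk.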