diff --git a/src/spaceone/identity/manager/token_manager/external_token_manager.py b/src/spaceone/identity/manager/token_manager/external_token_manager.py index 93c08616..78f930cf 100644 --- a/src/spaceone/identity/manager/token_manager/external_token_manager.py +++ b/src/spaceone/identity/manager/token_manager/external_token_manager.py @@ -32,6 +32,7 @@ def authenticate(self, user_id, domain_id, credentials): endpoint = self.domain_mgr.get_auth_plugin_endpoint_by_vo(self.domain) auth_user_info = self._authenticate_with_plugin(endpoint, credentials) + credentials['user_id'] = auth_user_info.get('user_id') _LOGGER.info(f'[authenticate] Authentication success. (user_id={auth_user_info.get("user_id")})') diff --git a/src/spaceone/identity/service/token_service.py b/src/spaceone/identity/service/token_service.py index bf4b730e..4c68dbe7 100644 --- a/src/spaceone/identity/service/token_service.py +++ b/src/spaceone/identity/service/token_service.py @@ -57,8 +57,11 @@ def issue(self, params): token_manager = self._get_token_manager(user_id, user_type, domain_id) token_manager.authenticate(user_id, domain_id, params['credentials']) + if user_type == 'EXTERNAL': + user_id = params['credentials'].get('user_id') + user_vo = self.user_mgr.get_user(user_id, domain_id) - user_mfa = user_vo.mfa if user_vo.mfa else {} + user_mfa = user_vo.mfa.to_dict() if user_vo.mfa else {} if user_mfa.get('state', 'DISABLED') == 'ENABLED': if verify_code: diff --git a/src/spaceone/identity/service/user_service.py b/src/spaceone/identity/service/user_service.py index 917aa744..4ae40f40 100644 --- a/src/spaceone/identity/service/user_service.py +++ b/src/spaceone/identity/service/user_service.py 
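Review bot: The added line `credentials['user_id'] = auth_user_info.get('user_id')` uses the caller's request dict as an output channel, so the verified identity that `issue` in token_service.py reads back sits in the same object the client populated. If the plugin response has no `user_id`, the key is set to None and the problem only surfaces later in the user lookup. Returning the verified id from `authenticate`, or keeping it on the manager, would separate plugin output from request input. At minimum, add a comment such as `# overwrite any client-sent user_id with the plugin-verified one`. The body of `authenticate` continues outside the hunk, so any later validation of this value is not visible here.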
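Review bot: Nothing checks that `params['credentials'].get('user_id')` returned a value before it reaches `self.user_mgr.get_user(user_id, domain_id)` in the EXTERNAL branch of `issue`. This path should fail closed with a guard such as `if not user_id:` that raises the service's existing authentication error, placed directly after the new assignment. The value is trustworthy only because `authenticate` has just overwritten that key, so a comment like `# set by the external token manager after plugin authentication, not taken from the request` would keep a later refactor from reading a client-supplied id here. The requested `user_id` is also replaced silently; logging when it differs from the plugin-verified one would give responders a trace of mismatched logins. `issue` starts and ends outside the hunk.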
@@ -321,7 +321,7 @@ def enable_mfa(self, params):
 token_manager: LocalTokenManager = self.locator.get_manager('LocalTokenManager')
 user_vo = self.user_mgr.get_user(user_id, domain_id)
- user_mfa = user_vo.mfa.to_dict()
+ user_mfa = user_vo.mfa.to_dict() if user_vo.mfa else {}
 if user_mfa.get('state', 'DISABLED') == 'ENABLED':
 raise ERROR_MFA_ALREADY_ENABLED(user_id=user_id)
@@ -358,7 +358,7 @@ def disable_mfa(self, params):
 force = params.get('force', False)
 user_vo = self.user_mgr.get_user(user_id, domain_id)
- user_mfa = user_vo.mfa.to_dict()
+ user_mfa = user_vo.mfa.to_dict() if user_vo.mfa else {}
 if user_mfa.get('state', 'DISABLED') == 'DISABLED':
 raise ERROR_MFA_ALREADY_DISABLED(user_id=user_id)
@@ -394,7 +394,7 @@ def confirm_mfa(self, params):
 token_manager: LocalTokenManager = self.locator.get_manager('LocalTokenManager')
 if token_manager.check_mfa_verify_code(user_id, domain_id, verify_code):
- user_mfa = user_vo.mfa.to_dict()
+ user_mfa = user_vo.mfa.to_dict() if user_vo.mfa else {}
 if user_mfa.get('state', 'DISABLED') == 'ENABLED':
 user_mfa = {'state': 'DISABLED'}
 elif user_mfa.get('state', 'DISABLED') == 'DISABLED':
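Review bot: The fallback `user_vo.mfa.to_dict() if user_vo.mfa else {}` is now repeated in `enable_mfa`, `disable_mfa` and `confirm_mfa` here, and once more in `issue` in token_service.py, where it decides whether the MFA branch runs at all. Four hand-copied versions of a security-relevant default can drift apart, so one small helper that returns the MFA dict for a user would keep the "missing record means DISABLED" rule in a single place. If the copies stay, each deserves a comment such as `# mfa is unset for users who never configured it; treated as state DISABLED`. All three functions extend beyond their hunks.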