How do I increase security in Amazon Cognito by using MFA settings for users and user pools?


I want to increase security for my Amazon Cognito users and user pools by implementing multi-factor authentication (MFA). How do I do this?

Short description

MFA settings for Amazon Cognito can be set to off, optional, or required for users and user pools.

If MFA is off, then no users are prompted with an MFA challenge during sign-in. If MFA is optional, then MFA is configured per user: only users who have an MFA factor set up are prompted with an MFA challenge during sign-in. If MFA is required, then every user is prompted with an MFA challenge during sign-in.

SMS text messages and time-based one-time passwords (TOTP) are both second authentication factor options for Amazon Cognito users and user pools.

Resolution

1. Set up MFA for your Amazon Cognito user pool.

Important: The user pool’s MFA settings can change the authentication flow. For more information, see User pool authentication flow.

2. Set up a second authentication factor for Amazon Cognito users.

To configure SMS text messages as the second factor for users:

To configure TOTP as the second factor for users:

Note: You can use the AWS Command Line Interface (AWS CLI) to associate a TOTP software token MFA and then set TOTP as the second authentication factor. For more information, see How do I activate TOTP MFA for Amazon Cognito user pools?
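The AWS CLI path the note refers to, as an added example (not code from the AWS article): it sets the pool-level MFA mode with TOTP enabled and then enrols one user in TOTP. The pool ID, access token and authenticator code are placeholders, and the AWS_CLI variable is an assumed override so the functions can be exercised against a stub.

```shell
#!/usr/bin/env bash
# Added example, not code from the AWS article. Moves a user pool to the
# OPTIONAL MFA mode with TOTP enabled, then enrols one user in TOTP.
# Assumes the AWS CLI is installed and credentialed for the pool. AWS_CLI is
# an assumed override so the functions can be exercised against a stub.
set -eu

AWS=${AWS_CLI:-aws}

# Pool-level setting. MODE is OFF, OPTIONAL or ON (ON is "required" in the
# console). Only the software token is enabled, so no SMS role is needed.
set_pool_mfa() {
  local pool_id=$1 mode=$2
  case $mode in
    OFF|OPTIONAL|ON) ;;
    *) echo "mode must be OFF, OPTIONAL or ON, got '$mode'" >&2; return 1 ;;
  esac
  "$AWS" cognito-idp set-user-pool-mfa-config \
    --user-pool-id "$pool_id" \
    --mfa-configuration "$mode" \
    --software-token-mfa-configuration Enabled=true
}

# User-level enrolment, step 1: needs the access token from the user's own
# completed sign-in. Prints the secret the user loads into an authenticator app.
associate_totp() {
  local access_token=$1
  "$AWS" cognito-idp associate-software-token \
    --access-token "$access_token" \
    --query SecretCode --output text
}

# User-level enrolment, step 2: confirm the first code from the app, then mark
# TOTP as the user's enabled and preferred factor. In OPTIONAL mode a user is
# challenged only once a factor is enabled, so skipping this leaves them without MFA.
verify_and_prefer_totp() {
  local access_token=$1 code=$2 status
  status=$("$AWS" cognito-idp verify-software-token \
    --access-token "$access_token" --user-code "$code" \
    --query Status --output text)
  if [ "$status" != "SUCCESS" ]; then
    echo "TOTP code rejected (status: $status); preference not changed" >&2
    return 1
  fi
  "$AWS" cognito-idp set-user-mfa-preference \
    --access-token "$access_token" \
    --software-token-mfa-settings Enabled=true,PreferredMfa=true
}

# Usage (placeholders): set_pool_mfa us-east-1_EXAMPLE OPTIONAL
#   secret=$(associate_totp "$ACCESS_TOKEN"); verify_and_prefer_totp "$ACCESS_TOKEN" 123456
```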

AWS OFFICIAL
Updated a year ago