Amazon Cognito MFA on a user by user basis?

Question

Based on the answer to this question and the documentation it seems like we can enable/disable MFA (TOTP or SMS) on a user by user basis. Just want to confirm that this is the case for both the client API (AWS Amplify) and command line?

Also can we select MFA SMS or TOTP on a user by user basis?

score 1 · Accepted Answer · answered Sep 09 '19 at 21:44

1

Yes.

You can use aws:MultiFactorAuthPresent or aws:MultiFactorAuthAge conditions in an IAM policy on various APIs.

MFA can be set per user too. You shouldn't use SMS 2FA though if it can be avoided.

answered Sep 09 '19 at 21:44

LTPCGO

448
1
4
15

I have set MFA as optional. While signUp some users not received code and there MFA is still disabled.How can i enable this MFA for this type of users? – sejn May 20 '20 at 06:23
Go into your IAM panel and toggle it – LTPCGO May 20 '20 at 09:13
What shall I need to toggle. Can you give any steps. Also can I able to trigger this in the UI code while calling Auth.signUp – sejn May 20 '20 at 09:24
@sejn ran into the same issue, did you find an answer to this? – Yash Kalwani Nov 05 '20 at 11:50
@YashKalwani I didn't get any solution. – sejn Nov 05 '20 at 12:17

Amazon Cognito MFA on a user by user basis?

1 Answers1