Ole
Reputation: 47112
Amazon Cognito MFA on a user by user basis?
Based on the answer to this question and the documentation it seems like we can enable/disable MFA (TOTP or SMS) on a user by user basis. Just want to confirm that this is the case for both the client API (AWS Amplify) and command line?
Also can we select MFA SMS or TOTP on a user by user basis?
Upvotes: 1
Views: 1244
Answers (1)
LTPCGO
Reputation: 478
Yes.
You can use aws:MultiFactorAuthPresent or aws:MultiFactorAuthAge conditions in an IAM policy on various APIs.
MFA can be set per user too. You shouldn't use SMS 2FA though if it can be avoided.
Upvotes: 1
Related Questions
- Flow for authentication when MFA required for user in AWS Cognito
- AWS Amplify/Cognito- a way to set TOTP MFA on first time user login only
- Enable user mfa in Amazon Cognito from Android
- How can I create 2 different type of users using AWS Cognito?
- AWS Cognito: Is there a method to switch MFA type DURING authentication?
- Adding multi factor authentication with AWS Amplify post signup?
- Handle one user in multiple "accounts" with AWS Cognito?
- Can aws-amplify support multiple concurrent logins that can be switched amongst?
- AWS Cognito - MFA setup
- Cognito & Two Factor Authentication