Enable user mfa in Amazon Cognito from Android

Question

So in Amplify, there isn't a particular way to change user MFA, but I found a way to do it with positive result, via an example in code, and MFA and verifications > Do you want to enable Multi-Factor Authentication (MFA)? to optional. But it does not reflect on the Cognito web management portal - Enable SMS MFA should be Disable SMS MFA

So my question is,

• Is this a good practice?
• How can I really change the MFA setting from Android, which means the Enable SMS MFA should turns to Disable SMS MFA

Answer 1

This isn't something that Amplify Android Auth supports right now. You can log a feature request in their GitHub issues.

If you want to change the MFA configuration at runtime, you could try calling Cognito APIs directly. For example, there is an admin API, AdminSetUserMFAPreference.

Please beware that I haven't tried this personally, and I'm not sure if it will work in a compatible way with Amplify Android Auth.

You have two options to invoke that Cognito API.

1. From the backend (recommended) using whatever language SDK you prefer. Perhaps you can invoke it from a REST API, in an AWS Lambda fuction.
2. From the Android client, using the AWS Android SDK's low-level Cognito IDP client. (See adminSetUserMFAPreference(...) in the aws-android-sdk-cognitoidentityprovider library.)

Both (1) and (2) have security implications for your app. Please be sure that you've thought about who can toggle the permission, when, and whether or not its safe to disable/change MFA.