Set User Pool Mfa Config

cognitoidentityprovider_set_user_pool_mfa_config R Documentation

Sets the user pool multi-factor authentication (MFA) and passkey configuration

Description

Sets the user pool multi-factor authentication (MFA) and passkey configuration.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Usage

cognitoidentityprovider_set_user_pool_mfa_config(UserPoolId,
  SmsMfaConfiguration, SoftwareTokenMfaConfiguration,
  EmailMfaConfiguration, MfaConfiguration, WebAuthnConfiguration)

Arguments

UserPoolId

[required] The user pool ID.

SmsMfaConfiguration

Configures user pool SMS messages for MFA. Sets the message template and the SMS message sending configuration for Amazon SNS.

SoftwareTokenMfaConfiguration

Configures a user pool for time-based one-time password (TOTP) MFA. Enables or disables TOTP.

EmailMfaConfiguration

Configures user pool email messages for MFA. Sets the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.

MfaConfiguration

The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who have set up an MFA factor can sign in. To learn more, see Adding Multi-Factor Authentication (MFA) to a user pool. Valid values include:

  • OFF: MFA won't be used for any users.

  • ON: MFA is required for all users to sign in.

  • OPTIONAL: MFA will be required only for individual users who have an MFA factor activated.

WebAuthnConfiguration

The configuration of your user pool for passkey, or WebAuthn, authentication and registration. You can set this configuration independently of the MFA configuration options in this operation.

Value

A list with the following syntax:

list(
  SmsMfaConfiguration = list(
    SmsAuthenticationMessage = "string",
    SmsConfiguration = list(
      SnsCallerArn = "string",
      ExternalId = "string",
      SnsRegion = "string"
    )
  ),
  SoftwareTokenMfaConfiguration = list(
    Enabled = TRUE|FALSE
  ),
  EmailMfaConfiguration = list(
    Message = "string",
    Subject = "string"
  ),
  MfaConfiguration = "OFF"|"ON"|"OPTIONAL",
  WebAuthnConfiguration = list(
    RelyingPartyId = "string",
    UserVerification = "required"|"preferred"
  )
)

Request syntax

svc$set_user_pool_mfa_config(
  UserPoolId = "string",
  SmsMfaConfiguration = list(
    SmsAuthenticationMessage = "string",
    SmsConfiguration = list(
      SnsCallerArn = "string",
      ExternalId = "string",
      SnsRegion = "string"
    )
  ),
  SoftwareTokenMfaConfiguration = list(
    Enabled = TRUE|FALSE
  ),
  EmailMfaConfiguration = list(
    Message = "string",
    Subject = "string"
  ),
  MfaConfiguration = "OFF"|"ON"|"OPTIONAL",
  WebAuthnConfiguration = list(
    RelyingPartyId = "string",
    UserVerification = "required"|"preferred"
  )
)
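
An added example, not part of the paws documentation: a review function that takes the list documented under Value and reports settings a security reviewer would question. The finding rules, the helper names has_text and audit_mfa_config, and the sample ARN, external ID and relying party ID are assumptions of this example.

```r
# Added example: review the list returned by set_user_pool_mfa_config().
# What counts as a finding is this example's policy, not an AWS rule.
has_text <- function(x) is.character(x) && length(x) == 1 && !is.na(x) && nzchar(x)

audit_mfa_config <- function(cfg) {
  findings <- character(0)
  # Assumption: a missing MfaConfiguration value is treated as OFF.
  mode <- if (has_text(cfg$MfaConfiguration)) cfg$MfaConfiguration else "OFF"

  totp_on  <- isTRUE(cfg$SoftwareTokenMfaConfiguration$Enabled)
  # Assumption: SMS and email count as configured when their settings are present.
  sms_on   <- has_text(cfg$SmsMfaConfiguration$SmsConfiguration$SnsCallerArn)
  email_on <- has_text(cfg$EmailMfaConfiguration$Message)

  if (mode == "OFF") {
    findings <- c(findings, "MfaConfiguration is OFF: MFA is not used for any user")
  } else {
    if (mode == "OPTIONAL")
      findings <- c(findings, "MfaConfiguration is OPTIONAL: users without an activated factor sign in without MFA")
    if (!totp_on && !sms_on && !email_on)
      findings <- c(findings, "MFA is enabled but no SMS, TOTP or email factor is configured")
    if (sms_on && !totp_on && !email_on)
      findings <- c(findings, "SMS is the only configured factor; consider enabling TOTP")
  }

  webauthn <- cfg$WebAuthnConfiguration
  if (has_text(webauthn$RelyingPartyId) && !identical(webauthn$UserVerification, "required"))
    findings <- c(findings, "WebAuthn UserVerification is not \"required\"")
  findings
}

# Constructed sample responses (placeholder ARN and domain, not real resources).
weak <- list(
  SmsMfaConfiguration = list(
    SmsAuthenticationMessage = "Your code is {####}",
    SmsConfiguration = list(SnsCallerArn = "arn:aws:iam::111122223333:role/example-sms-role",
                            ExternalId = "example-external-id", SnsRegion = "us-east-1")),
  SoftwareTokenMfaConfiguration = list(Enabled = FALSE),
  EmailMfaConfiguration = list(),
  MfaConfiguration = "OPTIONAL",
  WebAuthnConfiguration = list(RelyingPartyId = "auth.example.com", UserVerification = "preferred")
)
strong <- list(
  SoftwareTokenMfaConfiguration = list(Enabled = TRUE),
  MfaConfiguration = "ON",
  WebAuthnConfiguration = list(RelyingPartyId = "auth.example.com", UserVerification = "required")
)

print(audit_mfa_config(weak))
print(audit_mfa_config(strong))
```

To review a live pool, pass the value returned by svc$set_user_pool_mfa_config(...) to audit_mfa_config() right after applying a change.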