interface MfaSecondFactor

Language	Type name
.NET	Amazon.CDK.AWS.Cognito.MfaSecondFactor
Go	github.com/aws/aws-cdk-go/awscdk/v2/awscognito#MfaSecondFactor
Java	software.amazon.awscdk.services.cognito.MfaSecondFactor
Python	aws_cdk.aws_cognito.MfaSecondFactor
TypeScript (source)	aws-cdk-lib » aws_cognito » MfaSecondFactor

The different ways in which a user pool can obtain their MFA token for sign in.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

Example

new cognito.UserPool(this, 'myuserpool', {
  // ...
  mfa: cognito.Mfa.REQUIRED,
  mfaSecondFactor: {
    sms: true,
    otp: true,
    email: false, // email-based MFA
  },
});

Properties

Name	Type	Description
otp	boolean	The MFA token is a time-based one time password that is generated by a hardware or software token.
sms	boolean	The MFA token is sent to the user via SMS to their verified phone numbers.
email?	boolean	The MFA token is sent to the user via EMAIL.

---

otp

Type: boolean

The MFA token is a time-based one time password that is generated by a hardware or software token.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html

---

sms

Type: boolean

The MFA token is sent to the user via SMS to their verified phone numbers.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html

---

email?

Type: boolean (optional, default: false)

The MFA token is sent to the user via EMAIL.

To enable email-based MFA, set email property to the Amazon SES email-sending configuration and set feturePlan to FeaturePlan.ESSENTIALS or FeaturePlan.PLUS

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html