Cognito Advanced security feedback seems to have no effect on MFA challenges


My understanding from the documentation was that if I use advanced security on my user pool, and Cognito decides to issue an MFA challenge, I'd be able to train the algorithm for a given authentication request by marking the event as 'Valid', as in a valid user was doing the authentication. Thus any subsequent challenge with the same IP etc. would be allowed through.

What I'm experiencing is that users are being issued an MFA challenge, I mark the event as either valid or invalid, and neither has any effect. Every subsequent attempt has the user issued with a challenge. This occurs on users who don't even have MFA enabled.

Any hints, tips or advice on where I've got the wrong understanding?

1 Answer

When you enable Advanced security with adaptive authentication, Cognito decides what actions to take depending on the risk level detected. You can view the risk level for each request in the user event history. To determine the risk level, Cognito uses an algorithm that you can train by providing feedback for a misinterpreted decision.

I think in your case you may have a wrong configuration and not an issue with the event history feedback.

Here are some hints:

  1. Make sure you provide the device and user information so Cognito can determine a correct risk level. You can monitor the risk level in the event history. You could try making subsequent login requests using the same device and user information. On the first try, Cognito may detect a risk. You can provide feedback that the login attempt was valid. With a second login attempt, Cognito should no longer recognize any risk.
  2. If you select Optional MFA as the action in case of a risk, ensure that MFA is disabled for your user. When you activate MFA for a user, they always receive a challenge to provide or set up a second factor during authentication, regardless of how you configured adaptive authentication.
  3. Make sure you don't have any other advanced security configured in your client settings. Otherwise, the user pool settings are overridden.

If you have Optional MFA as an action in case of risk and you have users with enabled and disabled MFA in the user pool, users with MFA enabled will always get a challenge. Users with MFA disabled will receive a challenge in case of a risk. For the users with MFA disabled, you should check the detected risks.

For more information, read https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html

answered a year ago
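To act on the answer's advice to check the detected risks in the event history and record feedback, here is an added example (not code from the original question or answer). It assumes a boto3 `cognito-idp` client with the `admin_list_user_auth_events` and `admin_update_auth_event_feedback` methods; the user pool id, username and event records below are constructed placeholders, and the fake client exists only so the script can be run offline.

```python
from typing import Any, Dict, List

# Placeholders only; replace with your own user pool id and username.
USER_POOL_ID = "us-east-1_EXAMPLEPOOL"


def list_risky_events(client: Any, user_pool_id: str, username: str,
                      max_results: int = 20) -> List[Dict[str, Any]]:
    """Return the user's recent auth events on which adaptive authentication
    detected a risk, with the feedback (if any) already recorded on each.
    Calls the AdminListUserAuthEvents API through boto3's method of that name."""
    resp = client.admin_list_user_auth_events(
        UserPoolId=user_pool_id, Username=username, MaxResults=max_results)
    risky = []
    for ev in resp.get("AuthEvents", []):
        risk = ev.get("EventRisk", {})
        if risk.get("RiskDecision", "NoRisk") == "NoRisk":
            continue  # nothing was flagged, so there is nothing to train on
        risky.append({
            "EventId": ev["EventId"],
            "EventType": ev.get("EventType"),
            "RiskLevel": risk.get("RiskLevel"),
            "Feedback": ev.get("EventFeedback", {}).get("FeedbackValue"),
        })
    return risky


def mark_event(client: Any, user_pool_id: str, username: str,
               event_id: str, valid: bool) -> str:
    """Record 'Valid' or 'Invalid' feedback on one event so Cognito can
    retrain its risk model (AdminUpdateAuthEventFeedback). Returns the value sent."""
    value = "Valid" if valid else "Invalid"
    client.admin_update_auth_event_feedback(
        UserPoolId=user_pool_id, Username=username,
        EventId=event_id, FeedbackValue=value)
    return value


class FakeCognitoClient:
    """Constructed offline stand-in for boto3's cognito-idp client."""
    def __init__(self) -> None:
        self.events = [  # constructed sample event history, newest first
            {"EventId": "evt-1", "EventType": "SignIn",
             "EventRisk": {"RiskDecision": "AccountTakeover", "RiskLevel": "Medium"}},
            {"EventId": "evt-2", "EventType": "SignIn",
             "EventRisk": {"RiskDecision": "NoRisk", "RiskLevel": "Low"}},
        ]

    def admin_list_user_auth_events(self, **kw: Any) -> Dict[str, Any]:
        return {"AuthEvents": self.events[:kw.get("MaxResults", 60)]}

    def admin_update_auth_event_feedback(self, **kw: Any) -> Dict[str, Any]:
        for ev in self.events:
            if ev["EventId"] == kw["EventId"]:
                ev["EventFeedback"] = {"FeedbackValue": kw["FeedbackValue"]}
        return {}
```

With a real client (`boto3.client("cognito-idp")`), run `list_risky_events` before and after a second sign-in from the same device to confirm that the feedback changed the decision, which is the check the answer suggests.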
