1 Answer
-1
Manual Reconfiguration:
Disable MFA for the User:
You need to first disable the user's MFA to clear the existing MFA setup.
aws cognito-idp admin-disable-user-mfa \
--user-pool-id <YourUserPoolId> \
--username <Username>
Force a Password Reset (Optional):
You may want to force a password reset to ensure the user updates their security credentials.
aws cognito-idp admin-reset-user-password \
--user-pool-id <YourUserPoolId> \
--username <Username>
Re-enable MFA for the User:
Re-enable MFA for the user after ensuring the old MFA setup is cleared.
aws cognito-idp admin-set-user-mfa-preference \
--user-pool-id <YourUserPoolId> \
--username <Username> \
--software-token-mfa-settings Enabled=true,PreferredMfa=true
User Logs In and Reconfigures MFA:
Instruct the user to log in. They should be prompted to set up MFA again with a new QR code.

I tried the solution recommended here, but the user is still not being prompted to set up MFA when it is optional for the user pool.
Does anyone have any suggestions for how to utilize AWS Cognito with optional MFA? If I set MFA to required for the user pool, then users that do not have MFA configured are prompted to set up an MFA method, but there is no way for the user to set up MFA if MFA is optional for the user pool.
Hi Team,
I was trying to replicate the steps, but "admin-disable-user-mfa" is not an option for cognito-idp. Has this workaround changed since you published it?
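
An added example, not part of the answer or comments above and not AWS's own code: a TOTP re-enrollment sequence for a pool where MFA is optional, written only with Cognito operations that exist in the AWS CLI and enrolling through the API rather than a sign-in prompt. The function names are hypothetical; it assumes admin credentials for the first call and, for the other two, an access token from the user's own sign-in that carries the `aws.cognito.signin.user.admin` scope.

```shell
#!/bin/sh
# Added example: TOTP re-enrollment for one Cognito user when pool MFA is optional.
# Function names are hypothetical; pool id, username, token and code come from the caller.

# Admin side: switch TOTP off for the user so sign-in stops asking for the old device.
disable_totp() {  # usage: disable_totp <pool-id> <username>
  aws cognito-idp admin-set-user-mfa-preference \
    --user-pool-id "$1" --username "$2" \
    --software-token-mfa-settings Enabled=false,PreferredMfa=false
}

# User side, step 1: request a new TOTP secret and print it for the authenticator app.
new_totp_secret() {  # usage: new_totp_secret <access-token>
  aws cognito-idp associate-software-token \
    --access-token "$1" --query SecretCode --output text
}

# User side, step 2: prove possession with a code from the app, then prefer TOTP.
# TOTP is only enabled after verify-software-token reports SUCCESS.
confirm_totp() {  # usage: confirm_totp <access-token> <6-digit-code>
  case "$2" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "code must be exactly 6 digits" >&2; return 2 ;;
  esac
  result=$(aws cognito-idp verify-software-token \
    --access-token "$1" --user-code "$2" \
    --query Status --output text) || return 1
  if [ "$result" != "SUCCESS" ]; then
    echo "verification failed: $result" >&2
    return 1
  fi
  aws cognito-idp set-user-mfa-preference --access-token "$1" \
    --software-token-mfa-settings Enabled=true,PreferredMfa=true
}
```

The secret printed by `new_totp_secret` is what an application would render as the QR code; treat it like a password and keep it out of logs.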