How to reset MFA for user

Hi I have a user in our Users console who seems to have MFA set up whenever he logs in. He does not have access to that MFA device any more. But when I use my root credentials to look at the user, it does not show that MFA is set up for him. I am not sure how to clear his MFA and let him log in via password only, or how to remove any existing MFA device and add a new one.

Topics

Security, Identity, & Compliance AWS Well-Architected Framework

Tags

AWS Identity and Access Management AWS IAM Identity Center Security

Language

English

PS_Inc

asked 6 months ago306 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hi,

I assume this is for an IAM user. Please refer to the steps under the section "Recovering an IAM user MFA device" under this page, you should be able to find step by step instructions. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html

Thanks

Rama

answered 6 months ago

EXPERT

Didier_Durand

reviewed 6 months ago

PS_Inc
6 months ago
Hi I thought that would work, but it still prompts for an MFA when the user signs in. Even though the console shows that the user has no MFA. It's very strange and I don't know how to reset the user to add a new password / set up a new MFA.
Rama
6 months ago
Hi, I have tried to simulate your problem in my sandbox. When I remove the MFA device for an IAM user, it doesn't prompt me to enter the MFA code after the password - so, it works as expected.

I suspect it could also be some local caching issue, please try to use another browser and/or in-cognito mode for the IAM user login. As a workaround, if allowed, you can also consider creating a fresh IAM username with MFA.

If the problem persists, please contact AWS Support since it appears to be a one-off case.

Thanks, Rama

Relevant content

Cognito Advanced security feedback seems to have no effect on MFA challenges
rePost-User-2445918
asked a year ago
Unable to disable SMS MFA for root user
Accepted Answer
Ferentschik Hardy
asked 5 years ago
How to enforce enable MFA for other users
rePost-User-9446870
asked a year ago
Force existing user to use MFA
dfulgido
asked 3 years ago
How do I increase security in Amazon Cognito by using MFA settings for users and user pools?
AWS OFFICIALUpdated a year ago
How do I reset a lost or broken MFA device for my AWS root user account?
AWS OFFICIALUpdated 2 years ago
How do I reset my AWS root user account MFA device?
AWS OFFICIALUpdated 2 years ago
How do I update my telephone number to reset my lost MFA device?
AWS OFFICIALUpdated a year ago
Optimizing Levenshtein User-Defined Function in Amazon Redshift
EXPERT
Harshida Patel
published 8 months ago
How to customize audit logs in OpenSearch to see which queries were run by users?
EXPERT
Cathy W
published 2 months ago