Stay up to date with the latest from the Knowledge Center. See all new Knowledge Center articles published in the last month, and re:Post's top contributors.
Can we enforce the use of hardware tokens only for some users in AWS IAM identity center users?
Hi all
I know if administrator enables MFA, users must sign in to the AWS access portal with two factors - https://docs.aws.amazon.com/singlesignon/latest/userguide/enable-mfa.html. I'd love to enforce the use of hardware tokens only for some users in AWS IAM identity center users. Is it possible?
Thanks.
- Newest
- Most votes
- Most comments
Unfortunately, it's not possible with Identity Center if you're using the IdC native directory. If you're using an external SAML-based identity provider, then MFA is handled on the identity provider side. So you'd have to look at what's supported by the identity provider.
IAM Identity Center lacks selective MFA device enforcement, but integration with an external IdP, additional Identity Center instances, or custom flows with Cognito can provide alternatives to achieve similar MFA control over selected user groups.
Relevant content
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
Hi, @Basel Mohamed, can you elaborate on how to do that? Any references? Thanks.