Outside of AWS IAM Identity Center, does AWS support FIDOs/WebAuthn protocols for MFA, such as for Yubikeys when you access Workspaces?

Question

My specific use case is to enforce a Yubikey hard-token when I use an AWS Workspaces client to login to a workspace. It seems like the only way to have FIDO2/WebAuthn supported (versus TOTP) is to use IAM Identity Center (which was formerly AWS SSO?). Other similar use cases would be FIDO2/Webauthn support for the CLI and Workspaces, does that require using IAM Identity Center (AWS SSO)?

Hopefully that makes sense! Please let me know if you need more details!

Accepted Answer

Yes, you're right! Currently, outside of AWS IAM Identity Center (formerly AWS SSO), AWS does not offer native support for FIDO2/WebAuthn protocols like YubiKeys for multi-factor authentication (MFA) when accessing Workspaces directly.

Outside of AWS IAM Identity Center, does AWS support FIDOs/WebAuthn protocols for MFA, such as for Yubikeys when you access Workspaces?

相关内容