GetUserPoolMfaConfig - Amazon Cognito User Pools
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

GetUserPoolMfaConfig

Gets the user pool multi-factor authentication (MFA) configuration.

Request Syntax

{
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

UserPoolId

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "EmailMfaConfiguration": { 
      "Message": "string",
      "Subject": "string"
   },
   "MfaConfiguration": "string",
   "SmsMfaConfiguration": { 
      "SmsAuthenticationMessage": "string",
      "SmsConfiguration": { 
         "ExternalId": "string",
         "SnsCallerArn": "string",
         "SnsRegion": "string"
      }
   },
   "SoftwareTokenMfaConfiguration": { 
      "Enabled": boolean
   },
   "WebAuthnConfiguration": { 
      "RelyingPartyId": "string",
      "UserVerification": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

EmailMfaConfiguration

Shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.

Type: EmailMfaConfigType object

MfaConfiguration

The multi-factor authentication (MFA) configuration. Valid values include:

  • OFF MFA won't be used for any users.

  • ON MFA is required for all users to sign in.

  • OPTIONAL MFA will be required only for individual users who have an MFA factor activated.

Type: String

Valid Values: OFF | ON | OPTIONAL

SmsMfaConfiguration

Shows user pool SMS message configuration for MFA. Includes the message template and the SMS message sending configuration for Amazon SNS.

Type: SmsMfaConfigType object

SoftwareTokenMfaConfiguration

Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes TOTP enabled or disabled state.

Type: SoftwareTokenMfaConfigType object

WebAuthnConfiguration

Shows user pool configuration for MFA with passkeys from biometric devices and security keys.

Type: WebAuthnConfigurationType object

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service can't find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: