WebAuthnConfigurationType - Amazon Cognito User Pools

WebAuthnConfigurationType

Settings for authentication (MFA) with passkey, or WebAuthn, biometric and security-key devices in a user pool. Configures the following:

  • Configuration for requiring user-verification support in passkeys.

  • The user pool relying-party ID. This is the domain, typically your user pool domain, that users' passkey providers should trust as a receiver of passkey authentication.

  • The providers that you want to allow as origins for passkey authentication.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig. To activate this setting, your user pool must be in the Essentials tier or higher.

Contents

RelyingPartyId

Sets or displays the authentication domain, typically your user pool domain, that passkey providers must use as a relying party (RP) in their configuration.

Under the following conditions, the passkey relying party ID must be the fully-qualified domain name of your custom domain:

  • The user pool is configured for passkey authentication.

  • The user pool has a custom domain, whether or not it also has a prefix domain.

  • Your application performs authentication with managed login or the classic hosted UI.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 127.

Required: No

UserVerification

When required, users can only register and sign in with passkeys that are capable of user verification. When preferred, your user pool doesn't require the use of authenticators with user verification but encourages it.

Type: String

Valid Values: required | preferred

Required: No
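
The following is an added example, not part of the AWS documentation: a Python check that audits a WebAuthnConfigurationType value, such as one returned by GetUserPoolMfaConfig, against the constraints and the custom-domain rule described above. The function name, the custom_domain and hosted_login arguments, and the sample values are assumptions of this example.

```python
# Added example: offline audit of a WebAuthnConfigurationType dict, for
# instance the value returned by GetUserPoolMfaConfig for a user pool.
VALID_USER_VERIFICATION = {"required", "preferred"}


def audit_webauthn_config(config, custom_domain=None, hosted_login=False):
    """Return a list of (severity, message) findings for one configuration.

    custom_domain and hosted_login are caller-supplied facts (assumptions of
    this example), not fields of WebAuthnConfigurationType.
    """
    findings = []
    rp_id = config.get("RelyingPartyId")
    uv = config.get("UserVerification")

    # Documented constraint: a string of length 1 to 127 when present.
    if rp_id is not None and not (isinstance(rp_id, str) and 1 <= len(rp_id) <= 127):
        findings.append(("error", "RelyingPartyId must be a string of 1-127 characters"))

    # Documented valid values: required | preferred.
    if uv is not None and uv not in VALID_USER_VERIFICATION:
        findings.append(("error", f"UserVerification {uv!r} is not required|preferred"))

    # With a custom domain and managed login or the classic hosted UI, the
    # RP ID must be the custom domain's fully-qualified domain name.
    if custom_domain and hosted_login:
        if not isinstance(rp_id, str) or rp_id.lower() != custom_domain.lower():
            findings.append(("error", f"RelyingPartyId {rp_id!r} must be {custom_domain!r}"))

    # 'preferred' does not require authenticators with user verification.
    if uv == "preferred":
        findings.append(("warn", "UserVerification is 'preferred'; passkeys without "
                                 "user verification are accepted"))
    return findings


# Constructed sample configurations (not real user pools).
SAMPLE_WEAK = {"RelyingPartyId": "example-prefix.auth.us-east-1.amazoncognito.com",
               "UserVerification": "preferred"}
SAMPLE_STRICT = {"RelyingPartyId": "auth.example.com", "UserVerification": "required"}

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("strict", SAMPLE_STRICT)):
        print(name, audit_webauthn_config(cfg, "auth.example.com", hosted_login=True))
```
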

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: