WebAuthnConfigurationType - Amazon Cognito User Pools

WebAuthnConfigurationType

Settings for multi-factor authentication (MFA) with passkey, or WebAuthn, biometric and security-key devices in a user pool. Configures the following:

  • Configuration at the user-pool level for whether you want to require passkey configuration as an MFA factor, or include it as a choice.

  • The user pool relying-party ID. This is the user pool domain that users' passkey providers should trust as a receiver of passkey authentication.

  • The providers that you want to allow as origins for passkey authentication.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig.

Contents

RelyingPartyId

Sets or displays the authentication domain, typically your user pool domain, that passkey providers must use as a relying party (RP) in their configuration.

Under the following conditions, the passkey relying party ID must be the fully-qualified domain name of your custom domain:

  • The user pool is configured for passkey authentication.

  • The user pool has a custom domain, whether or not it also has a prefix domain.

  • Your application performs authentication with managed login or the classic hosted UI.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 127.

Required: No

UserVerification

Sets or displays your user-pool treatment for MFA with a passkey. You can override other MFA options and require passkey MFA, or you can set it as preferred. When passkey MFA is preferred, the hosted UI encourages users to register a passkey at sign-in.

Type: String

Valid Values: required | preferred

Required: No
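
The constraints on both fields can be checked before a configuration is sent with SetUserPoolMfaConfig. The following Python is an added example, not part of the AWS documentation or SDK: `webauthn_config_errors`, `custom_domain` and `uses_managed_login` are hypothetical names, the sample domains are constructed, and the caller is assumed to be configuring a user pool for passkey authentication. Requiring an explicit RelyingPartyId under the custom-domain conditions and comparing domains case-insensitively are choices of this example.

```python
# Added example: pre-flight validation of a WebAuthnConfigurationType value.
# custom_domain and uses_managed_login are hypothetical inputs that describe
# the user pool; they are not fields of the data type.

VALID_USER_VERIFICATION = ("required", "preferred")
RP_ID_MIN_LEN, RP_ID_MAX_LEN = 1, 127


def webauthn_config_errors(config, custom_domain=None, uses_managed_login=False):
    """Return a list of problems found in a WebAuthnConfigurationType dict."""
    errors = []

    unknown = set(config) - {"RelyingPartyId", "UserVerification"}
    if unknown:
        errors.append("unknown fields: " + ", ".join(sorted(unknown)))

    # RelyingPartyId: optional string, 1 to 127 characters.
    rp_id = config.get("RelyingPartyId")
    if rp_id is not None:
        if not isinstance(rp_id, str):
            errors.append("RelyingPartyId must be a string")
        elif not RP_ID_MIN_LEN <= len(rp_id) <= RP_ID_MAX_LEN:
            errors.append("RelyingPartyId length must be 1..127, got %d" % len(rp_id))

    # UserVerification: optional, one of the two valid values.
    uv = config.get("UserVerification")
    if uv is not None and uv not in VALID_USER_VERIFICATION:
        errors.append("UserVerification must be 'required' or 'preferred', got %r" % (uv,))

    # With a custom domain and managed login or the classic hosted UI, the
    # relying party ID must be the custom domain's fully-qualified name.
    if custom_domain and uses_managed_login:
        if not isinstance(rp_id, str) or rp_id.lower() != custom_domain.lower():
            errors.append("RelyingPartyId must be the custom domain %r, got %r"
                          % (custom_domain, rp_id))
    return errors


if __name__ == "__main__":
    # Constructed sample configurations for a pool whose custom domain is
    # auth.example.com and whose app signs in through managed login.
    samples = [
        {"RelyingPartyId": "auth.example.com", "UserVerification": "required"},
        {"RelyingPartyId": "myprefix.example.net", "UserVerification": "preferred"},
        {"RelyingPartyId": "auth.example.com", "UserVerification": "optional"},
    ]
    for sample in samples:
        problems = webauthn_config_errors(sample, "auth.example.com", True)
        print(sample, "->", problems or "ok")
```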

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: