Configure the password policy, and account recovery setting.
Set MFAConfiguration to OFF and note that MFA is not enabled by Cognito Hosted UI. If enabled, the developer must implement MFA in the QuickStart.
Learning
From the AWS documentation provided in the AWS console when configuring MFA:
"If using TOTP MFA, MFA registration must be coded into your app. Users signing up in the Amazon Cognito hosted UI are not automatically prompted to register a code generator app.
If a user does not have an MFA set up, Amazon Cognito will respond to sign-in attempts with an MFA_SETUP challenge."
Here is an example of the MFA_CHALLENGE:
Pull Request Creator Checklist
[ ] This PR has an associated issue or issues.
[ ] The associated issue(s) are linked above.
[ ] This PR meets all acceptance criteria for those issues.
[ ] This PR and linked issue(s) are adequately documented
[ ] This PR and linked issues(s) are a complete description of the changeset; an individual or team should be able to understand the issue(s) and changes by reading through this PR and it's links, with no further interaction.
[ ] Someone has been assigned this PR.
[ ] At least one person has been marked as reviewer on this PR.
Pull Request Reviewer/Assignee Checklist
[ ] This PR has an associated issue or issues.
[ ] The associated issue(s) are linked above.
[ ] This PR meets all acceptance criteria for those issues.
[ ] This PR and linked issue(s) are adequately documented
[ ] This PR and linked issues(s) are a complete description of the changeset; an individual or team should be able to understand the issue(s) and changes by reading through this PR and it's links, with no further interaction.
https://jiraent.cms.gov/browse/CMCSMACD-509
Purpose
Configure the password policy, and account recovery setting. Set MFAConfiguration to OFF and note that MFA is not enabled by Cognito Hosted UI. If enabled, the developer must implement MFA in the QuickStart.
Learning
From the AWS documentation provided in the AWS console when configuring MFA: "If using TOTP MFA, MFA registration must be coded into your app. Users signing up in the Amazon Cognito hosted UI are not automatically prompted to register a code generator app. If a user does not have an MFA set up, Amazon Cognito will respond to sign-in attempts with an MFA_SETUP challenge." Here is an example of the MFA_CHALLENGE:
Pull Request Creator Checklist
Pull Request Reviewer/Assignee Checklist