amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0

No support for MFA Time-based One-time Password #60

Closed lucasmike closed 6 years ago

lucasmike commented 6 years ago

I set up a new pool with a required MFA based on TOTP but it looks like the app is not handling this flow. Instead, at the sign-in page, after submitting the correct username and password, it returns the following error:

You must have multi-factor authentication (MFA) set up to sign in. Please set up MFA and try again.

I double checked, everything is set up in the pool correctly.

Is it perhaps an issue with no support for TOTP? Would an SMS based MFA work instead? Note, my users at the moment don't have mobile phones - is that a problem even for TOTP based MFA?

itrestian commented 6 years ago

There is support for TOTP as an MFA on the hosted UI. However, there is currently no support on the hosted UI for configuring the TOTP MFA (this is on our roadmap). However, you can use any of our client SDKs to configure TOTP for the user.

itrestian commented 6 years ago

SMS MFA would work if the user has a phone number in their profile.

lucasmike commented 6 years ago

I got the SMS MFA to work on the hosted UI but I can't do it with the TOTP. The UI simply does not seem to switch to the right workflow (i.e. provide a secret code first to set up TOTP, verify the setup, then for future logins ask for the code...) - instead the error message as per above shows up. Am I missing something in the pool settings? I marked MFA as 'required' and marked 'TOTP' as the only option.

itrestian commented 6 years ago

I mentioned above that the setup won't work on the hosted UI yet. You would have to use the client SDKs for that. After setting up, authentications using TOTP MFA would work.

lucasmike commented 6 years ago

Oh, I see - thanks for the clarification.

itrestian commented 6 years ago

No problem.

starcub commented 6 years ago

Any updates on this feature? When will you have the hosted UI to support setup of TOTP?

ChristopherPeterson commented 5 years ago

Beyond asking for an update on support, can you please be more specific as to what is required to be called through the SDK in order to set it up?

I am assuming that I could trigger this through the cognito-idp, and would like to understand the details of how.

Thanks! Chris

pmstss commented 4 years ago

> However, there is currently no support on the hosted UI for configuring the TOTP MFA

Is it still missing?

vijaynagothi commented 4 years ago

Yes. Looks like it's still missing.
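
The thread says TOTP has to be configured through a client SDK but does not name the calls. The following is an added example, not code from this repository or from any commenter, showing the three Cognito user pool operations involved: `AssociateSoftwareToken`, `VerifySoftwareToken` and `SetUserMFAPreference`. It assumes the user already holds an access token and that `cognito` is an AWS SDK for JavaScript v2 `CognitoIdentityServiceProvider` client; the function names, issuer label, username and device name are hypothetical.

```javascript
// Added example: TOTP enrolment for a signed-in Cognito user.
// `cognito` is injected (assumed to be an AWS SDK v2
// CognitoIdentityServiceProvider client) so the flow can be run against a stub.

// Build the otpauth:// URI that an authenticator app scans as a QR code.
// `issuer` and `username` are display labels chosen by the app (assumptions).
function otpauthUri(issuer, username, secretCode) {
  const label = encodeURIComponent(`${issuer}:${username}`);
  return `otpauth://totp/${label}?secret=${secretCode}&issuer=${encodeURIComponent(issuer)}`;
}

// Step 1: ask Cognito for a shared secret bound to the signed-in user.
async function beginTotpSetup(cognito, accessToken, issuer, username) {
  const { SecretCode } = await cognito
    .associateSoftwareToken({ AccessToken: accessToken })
    .promise();
  return { secretCode: SecretCode, uri: otpauthUri(issuer, username, SecretCode) };
}

// Steps 2 and 3: prove the authenticator holds the secret, then make TOTP
// the user's preferred MFA. Nothing is enabled unless verification succeeds.
async function finishTotpSetup(cognito, accessToken, userCode, deviceName) {
  if (!/^\d{6}$/.test(userCode)) {
    throw new Error('TOTP code must be six digits');
  }
  const { Status } = await cognito
    .verifySoftwareToken({
      AccessToken: accessToken,
      UserCode: userCode,
      FriendlyDeviceName: deviceName,
    })
    .promise();
  if (Status !== 'SUCCESS') {
    throw new Error(`TOTP verification failed: ${Status}`);
  }
  await cognito
    .setUserMFAPreference({
      AccessToken: accessToken,
      SoftwareTokenMfaSettings: { Enabled: true, PreferredMfa: true },
    })
    .promise();
  return true;
}
```

The secret returned by `beginTotpSetup` should be shown to the user once (as text or a QR code of `uri`) and not logged or stored by the application.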