Menu
Amazon Cognito
Developer Guide

Configuring Email and Phone Verification

You can choose settings for email and phone verification in the MFA and verifications tab.

Amazon Cognito can automatically verify email addresses and mobile phone numbers by sending a verification code—or, for email, a verification link. For email addresses, the code or link is sent in an email message. For phone numbers, the code is sent in an SMS text message.

Verification of a phone or email is necessary to automatically confirm users and enable recovery from forgotten passwords. Alternatively, you can automatically confirm users with the pre-sign up Lambda trigger or by using the AdminConfirmSignUp API. For more information, see Signing Up and Confirming User Accounts.

Note

Use of SMS text messaging for verifying phone numbers is charged separately by Amazon SNS. (There is no charge for sending verification codes to email addresses.) For information about Amazon SNS pricing, see Worldwide SMS Pricing. For the current list of countries where SMS messaging is available, see Supported Regions and Countries.

The verification code or link is valid for 24 hours.

If verification is selected as required for email or phone, the verification code or link is automatically sent when a user signs up.

Note

The forgotten password flow requires either the user's email or the user's phone number to be verified.

Important

If a user signs up with both a phone number and an email address, and your user pool settings require verification of both attributes, a verification code is sent via SMS to the phone. The email address is not verified, so your app needs to call GetUser to see if an email address is awaiting verification. If it is, the app should call GetUserAttributeVerificationCode to initiate the email verification flow and then submit the verification code by calling VerifyUserAttribute.

Authorizing Amazon Cognito to Send SMS Messages on Your Behalf

To send SMS messages to your users on your behalf, Amazon Cognito needs your permission. To grant that permission, you can create an AWS Identity and Access Management (IAM) role in the MFA and verifications tab of the Amazon Cognito console by choosing Create role.

On this page: