Principle 10: End user identity and authentication
All access to service interfaces should be constrained to authenticated and authorised [end user] individuals.
Applicable risk classes: III-V
- Two-factor authentication — If required, the customer may configure identities to authenticate using additional factors.
- Identity federation with your existing identity provider — When federation is configured between an existing identity provider and IAM, the identity provider’s two-factor authentication operates independently of AWS, so the only AWS-specific task the customer is required to undertake is the federation itself.