Multi-factor authentication - AWS IAM Identity Center (successor to AWS Single Sign-On)

Multi-factor authentication

When you enable multi-factor authentication (MFA), users must sign in to the AWS access portal with their user name and password. This is the first factor, something they know. Users must also sign in with either a code or a security key. This is the second factor, something they have or something they are. The second factor can be either an authentication code generated on their mobile device or a tap on a security key connected to their computer. Taken together, these factors provide increased security by preventing access to your AWS resources unless a valid MFA challenge has been successfully completed.


As a security best practice, we strongly recommend that you enable multi-factor authentication. MFA provides a simple and secure way to add an extra layer of protection on top of the default authentication mechanism of user name and password.