Posted On: Nov 16, 2023

Starting today, all new AWS IAM Identity Center instances will have multi-factor authentication (MFA) enabled by default. Enabling MFA is a security best practice we recommend, and is one of the simplest and most effective mechanisms to help you secure your user accounts.

With this change, IAM Identity Center users in newly created instances will be prompted to register an MFA device during first-time sign-in, and will be presented with additional verification if their sign-in context (such as device, browser, and location) changes. Existing customer-configured MFA settings will remain unchanged. While we encourage our customers to use MFA, IAM Identity Center administrators can update these MFA settings for their users based on their security requirements. We also recommend that customers using external identity providers enable MFA for their users.

IAM Identity Center supports industry-standard MFA options, including FIDO2 passkeys and virtual authenticator apps. For information about MFA settings and types, see Enable MFA in the IAM Identity Center User Guide.