WebAuthnConfigurationType - Amazon Cognito User Pools
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

WebAuthnConfigurationType

Settings for authentication (MFA) with passkey, or webauthN, biometric and security-key devices in a user pool. Configures the following:

  • Configuration for requiring user-verification support in passkeys.

  • The user pool relying-party ID. This is the domain, typically your user pool domain, that user's passkey providers should trust as a receiver of passkey authentication.

  • The providers that you want to allow as origins for passkey authentication.

This data type is a request parameter of SetUserPoolMfaConfig and a response parameter of GetUserPoolMfaConfig. To activate this setting, your user pool must be in the Essentials tier or higher.

Contents

RelyingPartyId

Sets or displays the authentication domain, typically your user pool domain, that passkey providers must use as a relying party (RP) in their configuration.

Under the following conditions, the passkey relying party ID must be the fully-qualified domain name of your custom domain:

  • The user pool is configured for passkey authentication.

  • The user pool has a custom domain, whether or not it also has a prefix domain.

  • Your application performs authentication with managed login or the classic hosted UI.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 127.

Required: No

UserVerification

When required, users can only register and sign in users with passkeys that are capable of user verification. When preferred, your user pool doesn't require the use of authenticators with user verification but encourages it.

Type: String

Valid Values: required | preferred

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: