MFA for specific connections

Problem statement

How can configure MFA to apply only for specific connections?

Solution

You can use a post-login action (Login Flow) to achieve this. Here’s an example:

exports.onExecutePostLogin = async (event, api) => {
  // Require MFA for anyone logging in via the Username-Password-Authentication connection
  if (event.connection.name === "Username-Password-Authentication") {
    api.multifactor.enable("any");
  }
}

Please refer to the following for more details:
api.multifactor.enable(provider, options) API reference:

event.connection object reference: