As an administrator, you can enforce two-factor authentication(2FA) on all users in your Amplify instance.
For this, you need to specify a date on which 2FA will become a mandatory process for all users at your site. Once this is configured, users will see a banner at the top of the page displaying the number of days they have to set it up, upon logging in. If they log in after the configured date, they will be redirected to the 2FA configuration page and will not be able to access anything in Amplify until it is set up.
Amplify does not support enabling SAML and 2FA at the same time. If SAML is in use, it will skip 2FA.
To enforce 2FA:
- From the upper-right corner, click on your user name or avatar and select Administration from the options list.
- Select the Authentications tab, and scroll down to locate the setting.
- In the second column, select Enforce all users to use two-factor authentication.
- In the date field, enter the date by which all users are required to take action.
- Click Update Two-Factor Settings.
All users at your site will now see a banner at the top of their login page showing the date from which 2FA will be required. They cannot opt out after this date.
To disable two-factor authentication enforcement, clear the above selection.