export const meta = {
  title: `Authentication`,
  description: `Getting started with authentication for an app`
};

Authentication is the process of verifying the identity of a user. Writing the code for an application's login flow can be difficult and time consuming. In Amplify Studio, you can easily add a complete [Amazon Cognito](https://aws.amazon.com/cognito/) authentication solution to your app. You simply specify the log-in method, such as email and password, Amazon, Google, Facebook, or Sign in with Apple, and you are provided with the authentication UI component for the entire authentication flow.

If you choose to add one of the social sign-in login mechanisms, you will also need to specify an app ID, app secret, and redirect URIs. To learn more about how social sign-in works, see [Social sign-in (OAuth)](/lib/auth/social).

Multi-factor authentication (MFA) increases security for your app by adding an authentication method and not relying solely on the username and password. AWS Amplify uses Amazon Cognito to provide MFA. To learn more, see [Multi-factor authentication](/lib/auth/mfa).

Note that you must configure and deploy authentication for your application before you can [create users and groups](/console/auth/user-management) or apply [authorization rules](/console/authz/authorization) to your data models.

## To configure how users log in to an app

1. [Launch Studio](/console/adminui/start/#log-into-the-amplify-console) for an app
2. On the **Set up** menu, choose **Authentication**.
3. In the **Configure log in** section, choose a login mechanism to add from the **Add login mechanism** list. Valid options are *Username*, *Phone number*, *Facebook*, *Google*, *Amazon*, and *Sign in with Apple*. If you choose one of the social sign-in mechanisms, *Facebook*, *Google*, *Amazon*, or *Sign in with Apple* you will also need to enter your *App ID*, *App Secret*, and redirect URLs.
4. (Optional) Add multi-factor authentication (MFA).  MFA is set to **Off** by default. To turn on MFA, do the following in the **Multi-factor authentication** section:
  * Choose **Enforced** to require MFA for all users or choose **Optional** to allow individual users to enable MFA. 
  * (Optional) Choose **SMS**, and enter your SMS message. 
  * (Optional) Choose **Authenticator Application** if you want your app to load with an authentication flow that includes sign up and sign in.
5. In the **Configure sign up** section, expand **Password protection settings** and customize the password policy settings to enforce.
6. Choose **Save and Deploy**. This starts a CloudFormation deployment with the progress displayed in the upper right corner of the page.

Login mechanism settings, and sign up settings can't be changed after you deploy authentication. To change these settings, you must first delete the deployed authentication and then create and deploy new settings. You can, however, add new login mechanisms, add multi-factor authentication, and update the password protection settings.

[\\]: * 'Is the last sentence above true?'

## To reset authentication configuration settings

1. [Launch Studio](/console/adminui/start/#log-into-the-amplify-console) for an app
2. On the **Set up** menu, choose **Authentication**.
3. At the end of the **Authentication** page, choose **Reset all authentication settings and users**.
4. In the **Delete authentication** confirmation window, choose **Delete all authentication rules**.
5. The deployment progress displays in the upper right corner of the page.
6. After the delete authentication deployment completes, deploy new authentication rules by following the steps in the preceding procedure [for configuring how users log in to an app](/console/auth/authentication#to-configure-how-users-log-in-to-an-app).

[\\]: * 'What is the consequence of doing the above? What should we warn about?'