Increase AWS Single Sign-On security with multi-factor authentication using authenticator apps
AWS Single Sign-on (AWS SSO) now enables you to increase security by enabling multi-factor authentication (MFA) with authenticator applications, such as Authy and Google Authenticator that generate time-based one-time passcodes (TOTP). You can now configure AWS SSO to require users to enter an authenticator-generated TOTP code in addition to their password. MFA improves security by requiring people to know something (their password) and have something (their authenticator) before they can sign in.
Source:: Amazon AWS