name : associate-software-token.rst **To generate a secret key for an MFA authenticator app** The following ``associate-software-token`` example generates a TOTP private key for a user who has signed in and received an access token. The resulting private key can be manually entered into an authenticator app, or applications can render it as a QR code that the user can scan. :: aws cognito-idp associate-software-token \ --access-token eyJra456defEXAMPLE Output:: { "SecretCode": "QWERTYUIOP123456EXAMPLE" } For more information, see `TOTP software token MFA <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html>`__ in the *Amazon Cognito Developer Guide*.