diff --git a/README.md b/README.md
index 200435d2..f1399334 100644
--- a/README.md
+++ b/README.md
@@ -321,6 +321,7 @@ This module is composed of several submodules and each of which can be used inde
 | [master\_iam\_role\_policy\_name](#input\_master\_iam\_role\_policy\_name) | The name of the IAM Master role policy. | `string` | `"IAM-Master-Policy"` | no |
 | [max\_password\_age](#input\_max\_password\_age) | The number of days that an user password is valid. | `number` | `0` | no |
 | [member\_accounts](#input\_member\_accounts) | A list of IDs and emails of AWS accounts which associated as member accounts. |
list(object({| `[]` | no |
+| [mfa\_console\_signin\_allow\_sso](#input\_mfa\_console\_signin\_allow\_sso) | The boolean flag whether the no\_mfa\_console\_signin alarm allows SSO auth to be ignored. | `bool` | `false` | no |
 | [minimum\_password\_length](#input\_minimum\_password\_length) | Minimum length to require for user passwords. | `number` | `14` | no |
 | [nacl\_changes\_enabled](#input\_nacl\_changes\_enabled) | The boolean flag whether the nacl\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
 | [network\_gw\_changes\_enabled](#input\_network\_gw\_changes\_enabled) | The boolean flag whether the network\_gw\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
diff --git a/modules/alarm-baseline/README.md b/modules/alarm-baseline/README.md
index b307e705..d50b460a 100644
--- a/modules/alarm-baseline/README.md
+++ b/modules/alarm-baseline/README.md
@@ -72,6 +72,7 @@ No modules.
 | [disable\_or\_delete\_cmk\_enabled](#input\_disable\_or\_delete\_cmk\_enabled) | The boolean flag whether the disable\_or\_delete\_cmk alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
 | [enabled](#input\_enabled) | The boolean flag whether this module is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
 | [iam\_changes\_enabled](#input\_iam\_changes\_enabled) | The boolean flag whether the iam\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
+| [mfa\_console\_signin\_allow\_sso](#input\_mfa\_console\_signin\_allow\_sso) | The boolean flag whether the no\_mfa\_console\_signin alarm allows SSO auth to be ignored. | `bool` | `false` | no |
 | [nacl\_changes\_enabled](#input\_nacl\_changes\_enabled) | The boolean flag whether the nacl\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
 | [network\_gw\_changes\_enabled](#input\_network\_gw\_changes\_enabled) | The boolean flag whether the network\_gw\_changes alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
 | [no\_mfa\_console\_signin\_enabled](#input\_no\_mfa\_console\_signin\_enabled) | The boolean flag whether the no\_mfa\_console\_signin alarm is enabled or not. No resources are created when set to false. | `bool` | `true` | no |
diff --git a/modules/alarm-baseline/main.tf b/modules/alarm-baseline/main.tf
index 6ce37905..2f54ae40 100644
--- a/modules/alarm-baseline/main.tf
+++ b/modules/alarm-baseline/main.tf
@@ -82,8 +82,11 @@ resource "aws_cloudwatch_metric_alarm" "unauthorized_api_calls" {
 resource "aws_cloudwatch_log_metric_filter" "no_mfa_console_signin" {
 count = var.enabled && var.no_mfa_console_signin_enabled ? 1 : 0
- name = "NoMFAConsoleSignin"
- pattern = join(" ", ["{ ($.eventName = \"ConsoleLogin\") && ($.additionalEventData.MFAUsed != \"Yes\")", var.mfa_console_signin_allow_sso == true ? "&& ($.userIdentity.arn != \"*assumed-role/AWSReservedSSO*\") }" : "}"])
+ name = "NoMFAConsoleSignin"
+ pattern = join(" ", [
+ "{ ($.eventName = \"ConsoleLogin\") && ($.additionalEventData.MFAUsed != \"Yes\")",
+ var.mfa_console_signin_allow_sso ? "&& ($.userIdentity.type = \"IAMUser\") && ($.responseElements.ConsoleLogin = \"Success\") }" : "}",
+ ])
 log_group_name = var.cloudtrail_log_group_name
 metric_transformation {
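Review bot: The new `var.mfa_console_signin_allow_sso ? ...` branch restricts the filter to `$.userIdentity.type = "IAMUser"` and `$.responseElements.ConsoleLogin = "Success"`, which suppresses far more than SSO sign-ins: when the flag is set, root, assumed-role and federated console logins without MFA, as well as failed non-MFA attempts, no longer match, whereas the removed clause only excluded `*assumed-role/AWSReservedSSO*` ARNs. The variable name and its README description in the two preceding hunks ("allows SSO auth to be ignored") no longer describe that scope, so either document the wider exclusion or keep the ARN-based clause for the SSO case. If the wider pattern is intended (it looks like the CIS Benchmark form of this filter), a comment above `pattern` such as `# allow_sso: CIS-style filter - only successful IAM-user logins are alarmed; root, assumed-role and federated sign-ins are not covered` would make the detection gap explicit to operators. The `no_mfa_console_signin` resource continues past the end of the hunk.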
account_id = string
email = string
}))