I am using AWS Cognito User pools to SignUp users. However my client applications are OKTA based. Once the users have signup and confirme their email address on cognito, I would like to be able to login with their credentials directly in the Okta apps, so that would require to create a user/password also on the Okta app. But that would require some development to take the cognito credentials and creating the Okta user with these credentials.
How can I integrate it directly, so once the user has confirmed the email, can automatically log into okta app? Also, if I invalidate a user on cognito, it should not have no longer access to Okta apps.
It's not possible. You would need to do all by hands: creating/modifying users in Okta after you do the same in Cognito.
All Okta - Cognito integrations suppose that you have your applications integrated with Cognito, which is integrated with Okta. Okta is your identity store and all creations/modifications are done there. Cognito only trusts information from Okta and allows user to sign-in into applications integrated with it
Related
I have setup an userpool with two login methods. One using hosted UI with userpool to signup/sign-in users. And ther other using a Federated Identity Provider (IDP). For both login methods(Appclients) I have enabled and used Code Auth Flow + PKCE (So the code <-> token exchange could be completely handled by the client - react web frontend).
I have also setup an Identity pool for users' to get temporary credentials to complete the MFA (TOTP) setup from react web frontend.
Now, I could complete the MFA setup - showing the QR code (AssociateSoftwareToken), performing VerifySoftwareToken (after user gets the one time token using code generator app- google authenticator in my case) and updating userpool for user's preference with SoftwareTokenMfa settings.
When users Login using the hosted-UI (with useraccounts created through Cognito ), Cognito performs the MFA challenge before redirecting with (oauth) code.
But when users logged in using Federated Login, Cognito redirects the user back to application with oauth code.
Is there anyway, I could make Cognito perform MFA for users logging-in using Federated Login?
I have a Web-based application that uses AWS Cognito for Identity Management. The Cognito Userpool is enabled with Multi-factor Authentication for user sign-in.
I want to write a test case to test this application for user sign-in with MFA enabled.
Any leads on how to approach this would be helpful.
I really appreciate any help you can provide.
I have an Android app and an API secured with Auth0.
I'm developing an app for a new client, who has a large Cognito user pool.
Is it possible to use my current Auth0 setup to log in Cognito users via email/password and receive a Auth0 JWT?
I don't want to create a new Auth0 user for each Cognito user. At least not explicitly.
Thanks
If I understand you correctly, you want to use Auth0 as a service provider and AWS Cognito as an identity provider. In theory, you can use SAML protocol to achieve that. Try the following:
Configure Auth0 as SAML service provider. https://auth0.com/docs/protocols/saml/saml-sp-generic
Configure AWS Cognito AS Identity provider: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-console.html
Then, once you initiate the login flow in auth0, users will be redirected to AWS Cognito for user authentication. After successful user authentication, AWS should redirect the user Auth0 with SAML Assertion. In that stage, Auth0 will validate the assertion and will issue a JWT token. The user will be redirected to your application with JWT. Note that if this is the first login, auth0 will create a user profile.
https://auth0.com/docs/protocols/saml
The following AWS documentation explains how to configure auth0 as IDP.
https://aws.amazon.com/premiumsupport/knowledge-center/auth0-saml-cognito-user-pool/
I have a user database in a CMS that I'm trying to migrate to a new AWS Cognito user pool.
Some of the users have authentication using OAuth providers (Google and Facebook), the app credentials of which I'm able to add to the user pool as identity providers in Cognito. I'm also able to import the users into Cognito as a CSV file, which results in every user needing a password reset.
What is required to configure the existing Google and Facebook OAuth users so that they use the identity providers in Cognito?
I have a rest api in nodejs. my mobile app will consume my rest api. Can i implement oauth2 type authentication using aws cognito for my mobile app? I need resource owner password grant if i implement oauth2.
Amazon Cognito's Federated Identity feature is not an authentication provider. It vends AWS credentials for well known providers like Facebook, Google, Cognito User Pools, etc. or for custom developer providers. These custom developer provider can use any authentication protocol as long as they talk to our services from the back end and use the OpenId tokens vended in back end from their mobile apps. You can read more about this here.
Cognito User Pools however is an authentication provider and vends OpenId tokens once the user is authenticated. These tokens can also be exchanged for AWS credentials using the federated identity flow.