AWS Cognito integration with Azure AD Using SAML
Introduction
In this blog post, we'll show you how to connect Microsoft Azure Active Directory (Azure AD) to Amazon Cognito user pools. First, let's understand what Amazon Cognito is. It's like a phonebook for users of your app. It helps them sign up and log in.
Now, managing user identities and how they log in can be tricky, especially if you want to support various methods like using Facebook or Google to log in or even your company's own login system. Amazon Cognito makes this easier. It's like a helpful system that handles all of this for you.
One cool thing about Amazon Cognito is that it gives you special codes (tokens) for security. These tokens help your app know who the user is and what they're allowed to do. The tokens have different jobs: the ID token says, "This is who the user is," and the access token says, "This is what the user can do."
So, if your app needs to let users log in using different systems (like Facebook, Google, or your company's system), you don't have to write lots of complicated code.
Prerequisites:
Steps to follow: AWS Cognito Configuration
1. Log in to your AWS account and configure AWS Cognito
1.1: Creating the AWS Cognito user pool
Step-1: Configure sign-in experience
Click on Next
Step-2: Configure security requirements
Click on Next
Step-3: Configure the sign-up experience
Step-4: Configure message delivery
Step-5: Integrate your app
Navigate to the User pool name section and define the user pool name.
Next, under Hosted authentication pages, select "Use the Cognito Hosted UI".
Next, navigate to the Domain section; we are using the domain type "Use a Cognito domain".
The Cognito domain prefix we create must be unique and still available, as shown below.
In the Initial app client section we use a Public client.
Next, we define the App client name as shown below.
Next, under Client secret we select "Generate a client secret".
In Allowed callback URLs we are using https://jwt.io for testing purposes.
Navigate to Advanced app client settings.
In OAuth 2.0 grant types, we select Implicit grant, as shown below.
In OpenID Connect scopes, select "email, profile, openid", as shown in the image below.
Step-6: The output is displayed as follows.
Steps to follow: Azure AD Configuration
1. Log in to the Azure portal and create the Azure Active Directory
1.1 Creating the Azure AD enterprise application
1.2 Enterprise application
Step-1: The overview of the application is shown below
Step-2: Configure Single sign-on
Under the SAML method, click Edit to modify the Basic SAML Configuration and set the following values:
Identifier (Entity ID): urn:amazon:cognito:sp:<your user pool ID>
Reply URL (Assertion Consumer Service URL): https://<yourDomainPrefix>.auth.<region>.amazoncognito.com/saml2/idpresponse
In Attributes & Claims, navigate to Additional claims and change the claim names as shown below.
Step-4: Create the app client in AWS Cognito
Now we want to allow users from Azure Active Directory to access the application, so we need to do the following:
We need to select the OAuth 2.0 grant type "Implicit grant".
Step-5: Create the user in Azure AD and authenticate to AWS Cognito
To obtain the user's password or to reset the password:
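The following Python script is an added example and is not code from the original post. It ties the configuration above together: it derives the two SAML values Azure AD needs (the Identifier and the Reply URL) plus the Cognito issuer URL from a user pool ID and domain prefix, and then validates the claims of the tokens that the Hosted UI returns after an Azure AD user signs in. The user pool ID, domain prefix, app client ID and the tokens themselves are constructed sample values; the tokens are unsigned so the script runs offline, and the script deliberately checks claims only. A real deployment must also verify the RS256 signature against the keys at <issuer>/.well-known/jwks.json before trusting any claim.

```python
"""Derive Cognito SAML service-provider settings and validate Cognito-issued JWT claims.

Added example, not from the original post. All identifiers below are constructed.
"""
import base64
import json
import time
from typing import Optional

# Constructed sample values (placeholders, not from the original post).
USER_POOL_ID = "eu-west-1_AbCdEf123"          # Cognito pool IDs look like <region>_<id>
DOMAIN_PREFIX = "myapp-login"                  # the "Use a Cognito domain" prefix
APP_CLIENT_ID = "1a2b3c4d5e6f7g8h9i0jklmnop"  # the app client created in Step-5


def cognito_issuer(user_pool_id: str) -> str:
    """Issuer URL that every token minted by this user pool carries in its 'iss' claim."""
    region = user_pool_id.split("_", 1)[0]
    return f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def saml_sp_settings(user_pool_id: str, domain_prefix: str) -> dict:
    """The two values to paste into Azure AD's Basic SAML Configuration."""
    region = user_pool_id.split("_", 1)[0]
    return {
        "identifier": f"urn:amazon:cognito:sp:{user_pool_id}",
        "reply_url": f"https://{domain_prefix}.auth.{region}.amazoncognito.com/saml2/idpresponse",
    }


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_constructed_token(claims: dict) -> str:
    """Build an RS256-shaped but UNSIGNED JWT so the demo runs offline (constructed data)."""
    header = {"alg": "RS256", "kid": "constructed-kid"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     _b64url(b"constructed-signature")])


def decode_claims(token: str) -> dict:
    """Decode the payload only. Signature verification against the pool's JWKS is a
    separate, mandatory step that this helper does not perform."""
    header_b64, payload_b64, _signature = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "RS256":
        raise ValueError("Cognito signs tokens with RS256; reject any other algorithm")
    return json.loads(_b64url_decode(payload_b64))


def validate_cognito_claims(claims: dict, user_pool_id: str, app_client_id: str,
                            expected_use: str, now: Optional[float] = None) -> dict:
    """Check issuer, token_use, audience and expiry; return a summary of who the user is.
    'expected_use' is "id" for an ID token or "access" for an access token."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != cognito_issuer(user_pool_id):
        problems.append("issuer is not this Cognito user pool")
    if claims.get("token_use") != expected_use:
        problems.append(f"token_use is {claims.get('token_use')!r}, expected {expected_use!r}")
    # ID tokens carry the app client in 'aud'; access tokens carry it in 'client_id'.
    audience = claims.get("aud") if expected_use == "id" else claims.get("client_id")
    if audience != app_client_id:
        problems.append("token was issued for a different app client")
    if float(claims.get("exp", 0)) <= now:
        problems.append("token expired")
    if problems:
        raise ValueError("; ".join(problems))
    # For a SAML-federated user Cognito records the upstream provider in 'identities',
    # but the token itself is still minted and signed by Cognito, not by Azure AD.
    identities = claims.get("identities") or []
    first = identities[0] if identities else {}
    return {"subject": claims["sub"], "issued_by": "cognito",
            "federated_provider": first.get("providerName"),
            "provider_type": first.get("providerType"), "email": claims.get("email")}


def rejection_reason(token: str, expected_use: str, now: Optional[float] = None) -> Optional[str]:
    """Return the validation error for a token, or None if it is accepted."""
    try:
        validate_cognito_claims(decode_claims(token), USER_POOL_ID, APP_CLIENT_ID, expected_use, now)
    except ValueError as exc:
        return str(exc)
    return None


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run the checks against a constructed ID token and access token."""
    iss = cognito_issuer(USER_POOL_ID)
    id_token = make_constructed_token({
        "sub": "11111111-2222-3333-4444-555555555555", "iss": iss, "aud": APP_CLIENT_ID,
        "token_use": "id", "email": "alice@example.com", "iat": now, "exp": now + 3600,
        "identities": [{"userId": "alice@example.com", "providerName": "AzureAD",
                        "providerType": "SAML", "primary": "true"}]})
    access_token = make_constructed_token({
        "sub": "11111111-2222-3333-4444-555555555555", "iss": iss, "client_id": APP_CLIENT_ID,
        "token_use": "access", "scope": "openid email profile", "iat": now, "exp": now + 3600})
    return {
        "saml": saml_sp_settings(USER_POOL_ID, DOMAIN_PREFIX),
        "id": validate_cognito_claims(decode_claims(id_token), USER_POOL_ID, APP_CLIENT_ID, "id", now),
        "access": validate_cognito_claims(decode_claims(access_token), USER_POOL_ID, APP_CLIENT_ID, "access", now),
        "id_presented_as_access": rejection_reason(id_token, "access", now),
        "expired": rejection_reason(id_token, "id", now + 7200),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two points the output makes concrete: the tokens pasted into jwt.io at the end of the walkthrough are issued by Cognito (their issuer is the cognito-idp URL of the pool), while Azure AD only appears in the identities claim; and an ID token must not be accepted where an access token is expected, which the token_use check enforces. Because the walkthrough uses the implicit grant, the tokens come back in the URL fragment of the callback, so the jwt.io callback should stay a testing convenience only, and the application's own callback should be the sole registered URL once testing is done.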
Conclusion:
I hope this article has provided you with valuable insights into the topic at hand. Whether you're a beginner or an experienced professional, there's always something new to learn and discover in the world. By sharing my knowledge and experience with you, I hope to have sparked your curiosity and inspired you to explore further. Thank you for taking the time to read this article, and I look forward to hearing your thoughts and feedback.
Written by,
Is this access token from Cognito or Azure?