I have a React application which uses Amplify to connect to an AWS Cognito user pool. I wanted to connect Zendesk to this user pool using SAML, so that any user logged into my React application should automatically get logged into Zendesk.
I went through Zendesk's documentation for SSO and it supports SAML-based authentication. But on the Cognito side, it doesn't support SAML as an Identity Provider.
Can somebody please help me understand the right way of connecting these two applications?
Using Auth0 as an example of what I want to achieve, it is possible to create an Auth0 application and configure a SAML trust relationship to a service provider by downloading Auth0's Identity Provider Metadata from an Auth0 SAML2 Web App and supplying that to the service provider, and also uploading the Service Provider metadata to Auth0. Supplying some other configuration options, such as the application callback URL, to Auth0 then allows federation to be achieved into the test service provider via SP-initiated SSO.
I would like to understand if it is possible to build such a relationship with AWS Cognito using either SAML or OIDC, where Cognito would be acting as the Identity Provider. There seems to be a lot of documentation available providing instructions on how to use SAML to create a relationship to a third-party identity provider for a user pool, but I'm struggling to find any documentation or options within the console to configure SSO to a test service provider, for example no reference to Cognito Identity Provider metadata. The assumption that I am making is that Cognito is a service only for authorisation with your own applications (such as user login) and does not support SSO into other services in the way that I describe, and that if you wanted to use Cognito as an Identity Provider then I would have to connect my user pools to a service such as Auth0 to then build out the SSO relationship. Am I correct in this assumption, and if not, please help me to understand where in the documentation/console I should be looking.
I'm also aware that AWS SSO exists and that I could potentially link a Cognito user pool to that, however the user pool will be made up of clients, and my assumption is that AWS SSO serves to specifically support (internal/affiliate) employee access to AWS services and resources, and should not be used as a way to enable SSO to another service for customers.
Recently I faced a new requirement to link or connect a Google OIDC external provider with AWS Cognito.
Background: my frontend application is running in AWS and integrated with Cognito for users and groups. Due to new requirements I have to connect a client web application (JupyterHub) which is running on GCP VM instances.
My question is: is it compatible or possible to use Google IAP with an external OIDC provider that could link to an AWS Cognito app client and provide the Cognito UI to log in?
Has someone faced such a situation?
I would appreciate any comments or thoughts on this scenario.
Many thanks
Adam
You can authenticate users with a wide range of identity providers such as OIDC and more by combining IAP and Identity Platform.
Identity Platform can be used to sign in users with an OpenID Connect (OIDC) provider.
Goal: Allow Firebase Auth users to access Amazon Connect without having to enter another username and password
What I've tried:
Amazon Connect's Identity Management can be done via 3 ways:
Store Users with Amazon Connect
Link to an Existing Directory
SAML 2.0-based authentication
1) Doesn't support SSO
2) I tried to create a Directory in AWS Directory Service, but given the options (AWS Managed Microsoft AD, Simple AD, AD Connector), none of them seem to be compatible with Firebase. I'm not sure if there is a way to sync Firebase Auth users into one of the above listed ADs.
3) SAML seemed promising, however, it appears that Firebase can use a SAML Provider, but cannot act as a SAML provider.
Is there any solution that will allow me to have Firebase Auth users SSO into an Amazon Connect instance?
If there is no direct solution, is there even an indirect solution where, for example, Cognito is my primary auth, which provides Connect access, and then I use Cognito as the SAML provider for my Firebase Auth?
I am attempting to allow a third-party app (Google Home) to access information from an AWS Cognito User Pool.
The flow of the entire process is as follows (assuming I understand it correctly that is):
The user tries to link their devices (which are all managed inside various AWS services) to Google Home.
The user is then redirected to our OAuth2 page where they log into their account in the Cognito user pool.
They successfully log in and are provided with an OAuth token.
The Google Home app can then use that token to send requests to our back end, allowing them to control their devices, but not the devices belonging to other users.
I am not exactly sure how to set up the Cognito user pool as an OAuth2 provider. I can find lots of info going the other way (for instance using Google to sign into our AWS user pool using federated identities) but that doesn't solve our problem.
Any help or direction would be greatly appreciated.
Thanks in advance
Amazon Cognito now supports OAuth 2.0. Log in to the Amazon Cognito Console and follow these steps for an existing user pool:
Create a domain in the "App Integration" section.
In the same navigation go to "App Client Settings" and enable the providers you want enabled on the client, in your case Cognito. Also add the allowed callback and logout URIs as well as the allowed OAuth flows and scopes.
Now your authorize endpoint is https://<domain>.auth.<region>.amazoncognito.com/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=<code or token> and in the same way you can find the token endpoint.
More details...
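The setup described in this answer, as an added example that is not part of the original answer: Python helpers for the hosted-UI authorization-code flow with PKCE (the flow a third party such as Google Home should use rather than the implicit `token` response type), followed by the claim checks the device backend must apply to an access token before letting the caller reach any device. The domain prefix, region, user pool id, client id, redirect URI and the device ownership table are placeholders or constructed; the endpoint paths are the documented `/oauth2/authorize` and `/oauth2/token`. Signature verification against the pool's JWKS needs the network and is stated as a precondition rather than performed here.

```python
# Added example (not code from the answer above): Cognito hosted-UI
# authorization-code flow with PKCE, plus the checks a resource server makes
# on a Cognito access token before scoping device access by its subject.
import hashlib
import secrets
import time
import base64
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

DOMAIN = "example-pool"                 # hosted UI domain prefix (assumed)
REGION = "us-east-1"                    # assumed
USER_POOL_ID = "us-east-1_EXAMPLE"      # assumed
CLIENT_ID = "1example23456789"          # assumed app client id
REDIRECT_URI = "https://app.example.com/oauth2/callback"  # must be an allowed callback URL

BASE = f"https://{DOMAIN}.auth.{REGION}.amazoncognito.com"
AUTHORIZE_ENDPOINT = f"{BASE}/oauth2/authorize"
TOKEN_ENDPOINT = f"{BASE}/oauth2/token"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"
JWKS_URL = f"{ISSUER}/.well-known/jwks.json"   # keys to verify token signatures with


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge for a code verifier (RFC 7636)."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce() -> Tuple[str, str]:
    """Return (code_verifier, code_challenge); the verifier stays on the client."""
    verifier = _b64url(secrets.token_bytes(32))   # 43 URL-safe chars, 256 bits
    return verifier, pkce_challenge(verifier)


def build_authorize_url(state: str, code_challenge: str, scope: str = "openid email") -> str:
    """Authorization request. response_type=code (not the implicit 'token' flow);
    state ties the callback to this session, PKCE ties the code to this client."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the redirect; reject a mismatched state or an error."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]


def token_request(code: str, code_verifier: str) -> dict:
    """Form body for POST TOKEN_ENDPOINT (application/x-www-form-urlencoded)."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
    }


def check_access_token_claims(claims: dict, now: Optional[float] = None) -> str:
    """Claim checks made AFTER the JWT signature has been verified against JWKS_URL
    (e.g. with PyJWT's PyJWKClient; not done in this offline example).
    Returns the subject, the only key device lookups should be scoped by."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("token_use") != "access":
        raise ValueError("not an access token")
    if claims.get("client_id") != CLIENT_ID:
        raise ValueError("token issued to another app client")
    if now >= float(claims.get("exp", 0)):
        raise ValueError("token expired")
    sub = claims.get("sub")
    if not sub:
        raise ValueError("missing subject")
    return sub


def devices_for(claims: dict, device_owner: dict, now: Optional[float] = None) -> list:
    """Authorization: devices are selected by the verified subject, never by a
    device id the caller supplies on its own. device_owner maps device id -> sub."""
    sub = check_access_token_claims(claims, now)
    return sorted(d for d, owner in device_owner.items() if owner == sub)
```

A backend that instead trusts a device id in the request body, or that checks only `exp`, lets any user of the pool address any device; checking `iss`, `token_use` and `client_id` also stops an ID token or a token minted for a different app client from being replayed against the device API.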
I am building an iOS app and was looking into AWS Mobile Hub. I am trying to set up sign-in using AWS Cognito. I have configured the identity pool with my custom OpenID Connect provider (I built my own with IdentityServer), but when I configure sign-in using Mobile Hub it only gives me the option to use Facebook, Google, Twitter (coming soon), or a custom authentication backend (NOT OpenID). Am I missing something, or is this not supported yet with Mobile Hub?
Mobile Hub does not currently support OpenID Connect providers. However, because you have configured your Cognito identity pool to support OpenID, you can use the AWS SDK directly to handle authentication. This blog post should help:
https://blogs.aws.amazon.com/security/post/Tx3LP54JOGBE0AY/Building-an-App-using-Amazon-Cognito-and-an-OpenID-Connect-Identity-Provider