AWS Wickr Single Sign-on (SSO) setup with Amazon Cognito

Content level: Intermediate

AWS Wickr can be configured to use Amazon Cognito as an identity provider for Single Sign-on (SSO). Follow these steps in the management console for Amazon Cognito and Wickr to complete the setup.

Complete the following steps in the AWS Management Console for Amazon Cognito

  1. Open the AWS Management Console and search for Cognito.
  2. Navigate to User pools, and click on Create User Pool.
  3. Select "Traditional web application" as the Application Type and enter a name for the application.
  4. Select Email as the sign-in identifier.
  5. (Recommended) Select family_name and given_name as Required attributes for sign-up.
  6. Enter the Redirect URI from your Wickr SSO setup. For AWS Wickr this is: https://messaging-pro-prod.wickr.com/deeplink/oidc.php
     Note: This can also be copied from the AWS Wickr console > Select a network (to configure SSO) > User management > SSO configuration > Copy the Redirect URI.
  7. Click Create user directory to create the user pool.
  8. Navigate to App clients and select the app you created.
  9. Click on Attribute permissions, and edit the permissions to set email, family_name, and given_name to Read and Write.
  10. Navigate to Login pages and edit the Managed login pages configuration.
  11. Select Email, OpenID, Phone, aws.cognito.signin.user.admin, and Profile as the OpenID Connect scopes. Save changes.

Enter image description here

Complete the following steps in the AWS Management Console for AWS Wickr.

  1. Open the AWS Management Console for Wickr at https://console.aws.amazon.com/wickr/.
  2. On the Networks page, select the network name to navigate to the network you want to set up SSO for.
  3. In the navigation pane, choose User Management > Single Sign-on > Edit.

Add the following required information:

  • Issuer - Copy the Token signing key URL from the user pool created in Cognito.

  • Client ID and Client secret - Copy these from the App Client you created in Cognito.

  • Scopes - email openid profile

  • Company ID - This can be any text value and must be unique. This text is what your users will enter when registering on new devices.

  4. Click Next to test the connection.
  5. Click Next to review details and Save Changes.
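Before testing the connection it is worth sanity-checking the Cognito values you are about to enter against the pool's own OIDC discovery document (served at <issuer>/.well-known/openid-configuration). The Python below is an added example, not part of this post or of the Wickr or Cognito products; the region, pool id and Cognito domain are placeholders, and the sample discovery document is constructed to mirror the shape Cognito returns.

```python
"""Offline pre-flight check of a Cognito OIDC discovery document against the
values this guide enters in Wickr (issuer, scopes).  Added example; ids are
placeholders and the sample document is constructed, not fetched from AWS."""
import json
import urllib.request

WICKR_SCOPES = {"email", "openid", "profile"}   # scopes the guide enters in Wickr


def cognito_issuer(region: str, pool_id: str) -> str:
    """Issuer URL of a Cognito user pool; its JWKS (the console's 'Token
    signing key URL') is served at <issuer>/.well-known/jwks.json."""
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"


def fetch_discovery(issuer: str) -> dict:
    """Download the pool's discovery document (requires network access)."""
    with urllib.request.urlopen(f"{issuer}/.well-known/openid-configuration") as r:
        return json.load(r)


def check_discovery(doc: dict, issuer: str, scopes=WICKR_SCOPES) -> list:
    """Return a list of problems; an empty list means the pool looks usable."""
    problems = []
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    jwks = doc.get("jwks_uri", "")
    if not jwks.startswith(issuer + "/"):          # keys must come from the issuer
        problems.append(f"jwks_uri {jwks!r} is not served under the issuer")
    for ep in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        if not doc.get(ep, "").startswith("https://"):
            problems.append(f"{ep} missing or not https")
    missing = scopes - set(doc.get("scopes_supported", []))
    if missing:                                     # Wickr asks for these scopes
        problems.append(f"scopes not offered by the pool: {sorted(missing)}")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("id tokens are not RS256-signed")
    return problems


# Constructed sample mirroring Cognito's document shape (placeholder ids/domain).
SAMPLE_ISSUER = cognito_issuer("us-east-1", "us-east-1_EXAMPLE")
_DOMAIN = "https://example-domain.auth.us-east-1.amazoncognito.com"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_ISSUER,
    "jwks_uri": SAMPLE_ISSUER + "/.well-known/jwks.json",
    "authorization_endpoint": _DOMAIN + "/oauth2/authorize",
    "token_endpoint": _DOMAIN + "/oauth2/token",
    "userinfo_endpoint": _DOMAIN + "/oauth2/userInfo",
    "scopes_supported": ["openid", "email", "phone", "profile"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY, SAMPLE_ISSUER) or "OK")
```

Against a real pool, replace the sample with `fetch_discovery(cognito_issuer(region, pool_id))`; any non-empty result explains why the "test the connection" step would fail before you try it.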

You can now add or manage users from the Cognito user pool. Users added to the application from the Cognito user pool will be able to sign in to the AWS Wickr network by choosing the Sign in With SSO option on their clients.

Important note 1: Users will need to enter the Company ID and verify their email through Wickr's email verification when signing in the first time.
Important note 2: AWS Wickr does not support the Mark email address as verified option when setting up users in Cognito pool. This option should be disabled for users in the Cognito pool.

AWS (Expert), published a month ago