
Cognito User event history with IDP user


I am unable to get any user event history upon sign-in when using an IdP user from Entra. However, a user/pass login generates the log. Where could I look to find why this is happening?

asked 6 months ago, 158 views
1 answer

When you're experiencing issues with user event history for IDP (Identity Provider) users in Amazon Cognito, there are a few things to consider:

  1. Advanced Security Features: Make sure you have enabled the advanced security features for your Cognito user pool. This is essential for generating detailed user event logs, including sign-in attempts and risk assessments.

  2. Plus Feature Plan: Verify that your user pool is on the Plus feature plan. This plan is required to export and view detailed user activity logs.

  3. Proper Configuration: Ensure that your IDP (in this case, Entra) is correctly configured and integrated with your Cognito user pool. Misconfiguration could lead to events not being properly logged.

  4. UserContextData: For custom authentication flows or when using external IDPs, it's crucial to populate the UserContextData in the authentication requests. This data is important for the risk engine to function correctly and generate proper logs. Some SDKs like AWS Amplify do this automatically, but for custom implementations, you need to ensure this is done manually.

  5. API Check: Try using the AdminListUserAuthEvents API operation to see if you can retrieve any logs for the IDP users. This might reveal events that are not visible through the console.

  6. Console Viewing: In the Amazon Cognito console, make sure you're looking in the correct place. Navigate to your user pool, search for the specific IDP user, select their username, and check the "User event history" section.

  7. Logging Configuration: Review your log delivery configuration to ensure it's set up correctly for capturing all types of authentication events, including those from external IDPs.

If after checking these points you still don't see any logs for IDP users, it may be worth contacting AWS support for further investigation, as this could potentially be a configuration issue or a limitation with how external IDP events are logged in Cognito.

Remember, populating event logs may take some time, so ensure you've allowed sufficient time for the logs to appear after sign-in attempts.

Sources
Adding threat detection to custom authentication flow with Amazon Cognito advanced security features | AWS Security Blog
Exporting logs from Amazon Cognito user pools - Amazon Cognito
Cognito events logging | AWS re:Post

answered 6 months ago
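Point 5 of the answer (checking AdminListUserAuthEvents directly) is the quickest way to separate "events exist but the console doesn't show them" from "nothing was recorded for the federated user". The script below is an added example, not code from the answerer or from AWS: it pages through AdminListUserAuthEvents for a native user and a federated user, tallies the results, and flags any event the risk engine did not mark NoRisk. The pool id, usernames, event ids and IP addresses are hypothetical, and the stub client with its canned pages is constructed here so the script runs offline; against a real pool, swap in `boto3.client("cognito-idp")` via `make_client()`.

```python
"""Added example: compare AdminListUserAuthEvents output for a native and a
federated Cognito user. Pool id, usernames and event data are hypothetical."""
from datetime import datetime, timezone

POOL_ID = "us-east-1_EXAMPLE"              # hypothetical user pool id
NATIVE_USER = "jane"                        # hypothetical user/pass user
FEDERATED_USER = "entra_jane@example.com"   # hypothetical Entra-federated username


def fetch_auth_events(client, user_pool_id, username, page_size=60):
    """Return all auth events for a user, following NextToken until exhausted.
    `client` only needs an admin_list_user_auth_events(**kwargs) method with
    the boto3 call shape, so the offline stub below and a real boto3 client
    are interchangeable."""
    events, token = [], None
    while True:
        kwargs = {"UserPoolId": user_pool_id, "Username": username, "MaxResults": page_size}
        if token:
            kwargs["NextToken"] = token
        resp = client.admin_list_user_auth_events(**kwargs)
        events.extend(resp.get("AuthEvents", []))
        token = resp.get("NextToken")
        if not token:
            return events


def summarize(events):
    """Tally (EventType, EventResponse) pairs and collect every event whose
    EventRisk.RiskDecision is something other than NoRisk."""
    counts, flagged = {}, []
    for ev in events:
        key = (ev.get("EventType"), ev.get("EventResponse"))
        counts[key] = counts.get(key, 0) + 1
        risk = ev.get("EventRisk") or {}
        if risk.get("RiskDecision") not in (None, "NoRisk"):
            flagged.append((ev["EventId"], risk.get("RiskDecision"), risk.get("RiskLevel")))
    return {"total": len(events), "counts": counts, "flagged": flagged}


def diagnose(client, user_pool_id, usernames):
    """Event count per user. A 0 next to the IdP user while the native user
    has events reproduces the symptom in the question via the API alone."""
    return {u: len(fetch_auth_events(client, user_pool_id, u)) for u in usernames}


# --- constructed stand-in for the cognito-idp client (offline) --------------
def _ts(hour):
    return datetime(2024, 6, 1, hour, 0, tzinfo=timezone.utc)


def _event(event_id, hour, response, decision, level=None, ip="198.51.100.7", country="DE"):
    risk = {"RiskDecision": decision, "CompromisedCredentialsDetected": False}
    if level:
        risk["RiskLevel"] = level
    return {"EventId": event_id, "EventType": "SignIn", "CreationDate": _ts(hour),
            "EventResponse": response, "EventRisk": risk,
            "EventContextData": {"IpAddress": ip, "Country": country}}


# Keyed by (Username, NextToken): two pages for the native user, none for the IdP user.
SAMPLE_PAGES = {
    (NATIVE_USER, None): {
        "AuthEvents": [
            _event("evt-1", 9, "Pass", "NoRisk"),
            _event("evt-2", 10, "Fail", "AccountTakeover", "Medium", ip="203.0.113.9", country="BR"),
        ],
        "NextToken": "page-2",
    },
    (NATIVE_USER, "page-2"): {"AuthEvents": [_event("evt-3", 11, "Pass", "NoRisk")]},
    (FEDERATED_USER, None): {"AuthEvents": []},   # the reported symptom: nothing recorded
}


class StubCognitoClient:
    """Replays SAMPLE_PAGES so the example runs without AWS access."""
    def __init__(self, pages):
        self.pages = pages

    def admin_list_user_auth_events(self, **kwargs):
        return self.pages[(kwargs["Username"], kwargs.get("NextToken"))]


def make_client():
    """Real cognito-idp client when boto3, region and credentials are available
    (assumption: they come from the environment); otherwise the offline stub."""
    try:
        import boto3
        return boto3.client("cognito-idp")
    except Exception:
        return StubCognitoClient(SAMPLE_PAGES)


if __name__ == "__main__":
    client = StubCognitoClient(SAMPLE_PAGES)   # use make_client() against a real pool
    print(diagnose(client, POOL_ID, [NATIVE_USER, FEDERATED_USER]))
    # -> {'jane': 3, 'entra_jane@example.com': 0}
    print(summarize(fetch_auth_events(client, POOL_ID, NATIVE_USER)))
```

The caller needs `cognito-idp:AdminListUserAuthEvents` on the pool, and the `Username` for a federated user must be the name Cognito stores for that user (check it in the user list first), not the Entra-side login. If the API returns events for the native user and none for the federated one, the gap is on the recording side, not the console, which is the distinction points 6 and 7 of the answer turn on.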
