By using AWS re:Post, you agree to the Terms of Use

Cognito SAML with multiple external IdPs


A customer is trying to host a third party application and allow external customers (businesses ) access to it. They need to have SAML integration with each of the businesses that purchase access to this tool. The end goal is that the business buys access, integrates with the tool via SAML, and then there are no extra IDs to manage.

I think this is just configuring a provider in IAM for each of these businesses, and then adding them to a Cognito Identity Pool, but I haven't found an example to confirm.

Asking for confirmation of approach, examples if possible, and description of how it will pick the correct provider given multiple user bases ( email address? ).


1 Answer
Accepted Answer

You can use Amazon Cognito User Pools federation by adding a sign-in through a SAML IdP (among others). Just to note that this is different from Amazon Cognito Identity Pools (Federated Identities) flow. Building ADFS Federation for your Web App using Amazon Cognito User Pools blog post provides end-to-end walk through.

As for SAML IdP identifier to automatically redirect the user to relevant IdP and UI customization, see Choosing SAML Identity Provider Names in the documentation.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions