cognito verification link to validate users

Question

Hi team,

I have a Cognito user pool with 3 Groups, I want to create users inside Groups as System Administrators:

1. the system Admin will fill out a form about client's: given name, surname, email address + some custom attributes
2. when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes.
3. the client will receive a link via email to validate the invitation
4. when the client clicks the link (custom Domain link), he validates the invitation

I created a lambda function that creates the user in the Cognito user pool and then added it inside the group (`using adminCreateUser and adminAddUserToGroup AP calls`)

```
const params = {
    UserPoolId: USER_POOL_ID,
    Username: event.email,
    UserAttributes: [
      {
        Name: "email",
        Value: event.email,
      },
      {
        Name: "given_name",
        Value: event.givenName,
      },
      {
        Name: "family_name",
        Value: event.familyName,
      },
    ],
  };

try {
    const result = await cognitoIdentityServiceProvider
      .adminCreateUser(params)
      .promise();
```

I also configured the Cognito to send a link email

> On "Message customisations" page> "Do you want to customize your email verification messages?" > "Verification type" => I chose "Link" option

After lambda has run, the user is created with 	
`Confirmation status = `  **Force change password**

and the email I received looks like this :

```
Subject = Your temporary password
Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%.
```
so I expected to receive  a Link and when the client click the link it validate the invitation (point 4 above) then the client becomes validated inside my user pool.

But I did not receive a link, how can I achieve points 3 and 4?

I just want after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed link

Answer

Hello Jess,

Hope you are doing great!

As per the provided details, you are looking to achieve the **User confirmation/Verification** part between the steps 3 & 4, but you are only receiving Invitation link with the Temporary password for the user that was created.

As you are using **adminCreateUser** API call the users are automatically in a Confirmed state in your Cognito Pool hence there is no further steps required for confirmation/verification process. Please refer to the diagram shown in [this page](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signup-confirmation-verification-overview).

Also please refer to this section [Confirmation and verification processes for user accounts created by administrators or developers](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#confirmation-and-verification-of-users-whose-accounts-youve-created) from the Cognito User Sign Up public document for more information on users created by Administrators. Hence, in the process when the users are created by the Administrator you are receiving the Invitation link with the Temporary password instead of the Confirmation/Verification link as they are already in a Confirmed state.

I trust that you find above information helpful. Please let me know if this answers your questions.

Feel free to add more questions and I will be more than happy to assist you further.

Thanks,
Munkhbat

cognito verification link to validate users

Relevant content