How to integrate IAM Identity Center with Cognito?

Question

Hi, I'm new to AWS. I'm trying to follow this tutorial:
https://aws.amazon.com/awstv/watch/ae4d697184e/

However, I have hard time trying to locate the "Federated Identity Providers" tab everywhere in the Cognito User Pool page after creating one.

Did the interface changes? What I'm trying to achieve is to have a Workforce ID with AWS Identity Center (I have linked with few services through SAML), integrating them was a breeze but things went downhill when I try to link an Oauth2 app. Flow is like this:

AWS IAM Identity Center --> Oauth2 App.

As I'm trying to add an Oauth2 App in the AWS IAM Identity Center, it asked for "trusted token issuer".

I'm genuinely confused. Please someone give me some pointers.

Gary Mclean · Answer

The GUI has been refreshed since that video and the AI is using old information.

In the user pool under Authentication, select Social and external providers.
Here you will find SAML.

![Enter image description here](/media/postImages/original/IMv8JzTN4SRgaE3FPueX2MmQ)

re:Post Agent · Answer

I understand your confusion, and I'm here to help clarify the process of integrating IAM Identity Center with Amazon Cognito. It seems the interface has indeed changed since the tutorial you're referencing was created.

To integrate IAM Identity Center with an Amazon Cognito user pool, you'll need to set up a SAML federation trust between the two services. Here's a general outline of the process:

1. In the Amazon Cognito console, after creating your user pool, look for a section called "Sign-in experience" or "Federation."

2. Within this section, you should find an option to add an identity provider. Look for "SAML" as the provider type.

3. You'll need to configure the SAML integration by providing metadata from IAM Identity Center to Cognito, and vice versa.

4. In IAM Identity Center, you'll need to set up a new application integration, choosing the option for a custom SAML 2.0 application.

5. Exchange the necessary SAML metadata between IAM Identity Center and Cognito to establish the trust relationship.

6. Configure attribute mappings to ensure user information is correctly passed between the services.

The exact steps and interface labels may vary slightly depending on the most recent AWS console updates. If you're still having trouble locating specific options, I recommend checking the latest AWS documentation for Cognito and IAM Identity Center integration, or reaching out to AWS support for the most up-to-date guidance.

Remember, when setting up OAuth 2.0 applications with IAM Identity Center, you're typically configuring IAM Identity Center as the identity provider, not Cognito. If you're specifically trying to use Cognito as an OAuth 2.0 provider for an application while also integrating with IAM Identity Center, you may need to set up a more complex federation scenario.

If you're still facing challenges, consider breaking down your overall goal into smaller steps and tackling each part separately - first ensuring IAM Identity Center is correctly set up, then configuring Cognito, and finally setting up your OAuth 2.0 application integration.  
**Sources**  
[How to implement trusted identity propagation for applications protected by Amazon Cognito | AWS Security Blog](https://aws.amazon.com/blogs/security/how-to-implement-trusted-identity-propagation-for-applications-protected-by-amazon-cognito/)  
[AWS re:Post Knowledge Center Spotlight: Amazon Cognito | AWS re:Post](https://repost.aws/articles/AR4tYcIRuRQ_q8glhcOhnyyw/aws-re-post-knowledge-center-spotlight-amazon-cognito)  
[Using IAM access centre and federation in one account | AWS re:Post](https://repost.aws/questions/QUpdoXo1isS9a-4jMAbBHvBg/using-iam-access-centre-and-federation-in-one-account)

How to integrate IAM Identity Center with Cognito?

Relevant content