AWS Cognito - Setting Up Identity Provider (SSO)

Create AWS Cognito User Pool

1. Access the AWS Management Console and navigate to the Cognito service.

2. Select Manage User Pools.

3. In the User Pools section, click the Create a User Pool button. You'll be prompted to name your new pool.

4. After naming your pool, select Step through settings. This section lets you define sign-in parameters for your users.

5. Select the attributes shown in the screenshot below. These attributes determine the information you'll collect from users during registration.

   
6. After setting the required attributes, click Next Step to save your configurations.

Setting Up Policies

1. Select the settings to match your security requirements.

2. Click Next Step.

   

MFA and Verification Configuration

1. Select Multi-Factor Authentication and verification settings based on your security needs.

2. Click Next Step to save your configurations.

   

Message Customizations

1. Edit the verification messages to meet your needs.

2. Click Next Step to save your configurations.

   

App Clients Configuration

1. Skip the Tags and Devices steps.

2. Configure the App Clients.

3. Click Add an app client.

4. Edit the settings to match the screenshot below.

5. Click Next Step to save your configurations.

   

Finalize the User Pool

1. On the Review step, verify all configurations are correct.

2. If everything is correct, click Create Pool to finalize the user pool creation.

Set the Domain Name

The next step is to create a Domain Name for the User Pool you created.

1. Navigate to the Domain Name tab.

2. Enter your desired Domain Prefix.

3. Click Check Availability.

4. If the domain is available, click Save Changes.

   

Configure App Client Settings

1. Navigate to App client settings and update them to match the configurations shown in the screenshot below.

   
2. In the CallBack URL(s) field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

1. In the Sign-out URL(s) field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

Retrieve the ISSUER_BASE_URL

1. Navigate to Manage User Pools within AWS Cognito.

2. Select the User Pool you created, and then access General Settings.

3. Note the ISSUER_BASE_URL, which follows the format: https://cognito-idp.<region>.amazonaws.com/<userPoolId>.

   

Retrieve ISSUER_CLIENT_ID and ISSUER_CLIENT_SECRET

1. Navigate to Manage User Pools within AWS Cognito.

2. Select the User Pool you created, and then click on App Clients.

3. Note the ISSUER_CLIENT_ID, found under App client id.

4. Note the ISSUER_CLIENT_SECRET, found under App client secret.

Set Redirect URL

1. In the Redirect URL field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

Create Identity Provider

Log in to Flosum Global Settings by following the instructions in the linked article.

• Log In To Global Settings

1. Click Identity Providers from the sidebar menu.

2. Click Create.

   
3. Enter a Name for the identity provider.

4. Click the Type dropdown menu.

   
5. Select OPEN_ID.

   
6. Enter the values you saved from your AWS Contigo User Pool into the following fields in the OpenId Information on the Create Identity Provider form.

1. In the Button Text textbox, enter a label to be displayed on the login button on the login screen.

2. Click Save.

   

Log In to Flosum Cloud Apps Using AWS Contigo

After configuring AWS Contigo and adding the Identity Provider, test your SSO implementation by logging in to Flosum Global Settings.

1. Open the Flosum Cloud App to log in.

2. Click Use tenant name.

   
3. Enter Tenant Name.

   
4. Click the SSO button created by your system administrator.

   

1. Complete the login with your SSO provider.