AWS Cognito - Setting Up Identity Provider (SSO)

Required User Credentials

Overview

This guide explains how to integrate AWS Cognito with Flosum Cloud Apps to enable Single Sign-On (SSO) for seamless login.

For more general instructions about adding an Identity Provider, see the following article.

Customer-Hosted

Outline Of Steps Involved

  • Create a User Pool with AWS Cognito

  • Determine the Issuer URL

  • Obtain the Client ID and Client Secret

  • Set up the Redirect URL

  • Create an Identity Provider with Flosum Global Settings

  • Test the SSO

Configuring AWS Cognito for Flosum Cloud Apps

This section shows you how to configure an AWS Cognito User Pool to work with Flosum Cloud Apps for SSO.

1

Create AWS Cognito User Pool

  1. Access the AWS Management Console and navigate to the Cognito service.

  2. Select Manage User Pools.

  3. In the User Pools section, click the Create a User Pool button. You'll be prompted to name your new pool.

  4. After naming your pool, select Step through settings. This section lets you define sign-in parameters for your users.

  5. Select the attributes shown in the screenshot below. These attributes determine the information you'll collect from users during registration.

  6. After setting the required attributes, click Next Step to save your configurations.

2

Setting Up Policies

  1. Select the settings to match your security requirements.

  2. Click Next Step.

3

MFA and Verification Configuration

  1. Select Multi-Factor Authentication and verification settings based on your security needs.

  2. Click Next Step to save your configurations.

4

Message Customizations

  1. Edit the verification messages to meet your needs.

  2. Click Next Step to save your configurations.

5

App Clients Configuration

  1. Skip the Tags and Devices steps.

  2. Configure the App Clients.

  3. Click Add an app client.

  4. Edit the settings to match the screenshot below.

  5. Click Next Step to save your configurations.

6

Finalize the User Pool

  1. On the Review step, verify all configurations are correct.

  2. If everything is correct, click Create Pool to finalize the user pool creation.

7

Set the Domain Name

The next step is to create a Domain Name for the User Pool you created.

  1. Navigate to the Domain Name tab.

  2. Enter your desired Domain Prefix.

  3. Click Check Availability.

  4. If the domain is available, click Save Changes.

8

Configure App Client Settings

  1. Navigate to App client settings and update them to match the configurations shown in the screenshot below.

  2. In the Callback URL(s) field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

  Flosum Cloud App    Callback URL
  Global Settings     https://global-us.flosum.app/api/v1/oauth/callback
  Backup & Archive    https://backup-us.flosum.app/api/v1/oauth/callback
  DevOps              https://devops-us.flosum.app/api/v1/oauth/callback

  3. In the Sign-out URL(s) field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

  Flosum Cloud App    Sign-Out URL
  Global Settings     https://global-us.flosum.app/api/v1/oauth/login
  Backup & Archive    https://backup-us.flosum.app/api/v1/oauth/login
  DevOps              https://devops-us.flosum.app/api/v1/oauth/login

9

Retrieve the ISSUER_BASE_URL

You will need the ISSUER_BASE_URL value when creating the Identity Provider in Flosum Global Settings.

  1. Navigate to Manage User Pools within AWS Cognito.

  2. Select the User Pool you created, and then access General Settings.

  3. Note the ISSUER_BASE_URL, which follows the format: https://cognito-idp.<region>.amazonaws.com/<userPoolId>.

10

Retrieve ISSUER_CLIENT_ID and ISSUER_CLIENT_SECRET

You will need the ISSUER_CLIENT_ID and ISSUER_CLIENT_SECRET values when creating the Identity Provider in Flosum Global Settings.

  1. Navigate to Manage User Pools within AWS Cognito.

  2. Select the User Pool you created, and then click on App Clients.

  3. Note the ISSUER_CLIENT_ID, found under App client id.

  4. Note the ISSUER_CLIENT_SECRET, found under App client secret.

11

Set Redirect URL

  1. In the Redirect URL field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

  Flosum Cloud App    Callback URL
  Global Settings     https://global-us.flosum.app/api/v1/auth/login/open-id
  Backup & Archive    https://backup-us.flosum.app/api/v1/auth/login/open-id
  DevOps              https://devops-us.flosum.app/api/v1/auth/login/open-id
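
A pre-flight check for the values collected in steps 8 and 9, added here as an example (not Flosum or AWS code): it audits the app client's callback and sign-out URLs against the US-region tables above and validates the ISSUER_BASE_URL format. The function names and the sample JSON are constructed for illustration; the JSON mirrors the output shape of `aws cognito-idp describe-user-pool-client`.

```python
import json
import re

# US-region hosts from the tables in this guide; other regions are not covered.
HOSTS = ("global-us.flosum.app", "backup-us.flosum.app", "devops-us.flosum.app")
ALLOWED = {
    "CallbackURLs": {f"https://{h}/api/v1/oauth/callback" for h in HOSTS},
    "LogoutURLs": {f"https://{h}/api/v1/oauth/login" for h in HOSTS},
}
# Cognito user pool IDs have the form <region>_<suffix>.
ISSUER_RE = re.compile(
    r"https://cognito-idp\.([a-z0-9-]+)\.amazonaws\.com/([a-z0-9-]+)_([A-Za-z0-9]+)")

def check_issuer(issuer):
    """Return problems with an ISSUER_BASE_URL value (empty list = OK)."""
    m = ISSUER_RE.fullmatch(issuer)
    if m is None:  # also catches http://, a trailing slash, or an appended path
        return ["issuer is not https://cognito-idp.<region>.amazonaws.com/<userPoolId>"]
    if m.group(1) != m.group(2):
        return [f"host region {m.group(1)} != pool ID region {m.group(2)}"]
    return []

def check_app_client(client):
    """Return problems in a UserPoolClient object (empty list = OK)."""
    problems = []
    for field, allowed in ALLOWED.items():
        urls = client.get(field, [])
        if not urls:
            problems.append(f"{field}: empty")
        for url in urls:
            if not url.startswith("https://"):
                problems.append(f"{field}: non-HTTPS URL {url}")
            elif url not in allowed:  # exact match: no extra hosts or paths
                problems.append(f"{field}: not in this guide's table: {url}")
    return problems

# Constructed sample of `aws cognito-idp describe-user-pool-client` output.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "ClientId": "EXAMPLECLIENTID",
  "CallbackURLs": ["https://global-us.flosum.app/api/v1/oauth/callback",
                   "http://localhost:3000/callback"],
  "LogoutURLs": ["https://global-us.flosum.app/api/v1/oauth/login",
                 "https://global-us.flosum.app/api/v1/oauth/logout"]}}
""")

if __name__ == "__main__":
    for p in check_app_client(SAMPLE["UserPoolClient"]):
        print("app client:", p)
```

An empty result from both functions means the app client lists only the URLs from the tables and the issuer string can be pasted into Global Settings unchanged.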

Create Identity Provider In Global Settings

1

Create Identity Provider

Log in to Flosum Global Settings by following the instructions in the linked article.

For more general instructions about adding an Identity Provider, see the following article.

  1. Click Identity Providers from the sidebar menu.

  2. Click Create.

  3. Enter a Name for the identity provider.

  4. Click the Type dropdown menu.

  5. Select OPEN_ID.

  6. Enter the values you saved from your AWS Cognito User Pool into the following fields in the OpenId Information section of the Create Identity Provider form.

  AWS Cognito             Global Settings
  ISSUER_CLIENT_ID        Client ID
  ISSUER_CLIENT_SECRET    Client Secret
  ISSUER_BASE_URL         Issuer

  7. In the Button Text textbox, enter a label to be displayed on the login button on the login screen.

  8. Click Save.

2

Log In to Flosum Cloud Apps Using AWS Cognito

After configuring AWS Cognito and adding the Identity Provider, test your SSO implementation by logging in to Flosum Global Settings.

Tenant Name Log In

SSO is only available when logging in with your Tenant Name.

No SSO Button

  1. Open the Flosum Cloud App to log in.

  2. Click Use tenant name.

  3. Enter Tenant Name.

  4. Click the SSO button created by your system administrator.

This button may be labeled differently from the screenshot above. Ask your system administrator if you are unsure which button to click.

  5. Complete the login with your SSO provider.
