Amazon Cognito
Developer Guide (Version Last Updated: 07/28/2016)

Getting Started with Amazon Cognito Federated Identities

Amazon Cognito Federated Identities enable you to create unique identities and assign permissions for users. Your identity pool can include:

  • Users in an Amazon Cognito user pool

  • Users who authenticate with federated identity providers such as Facebook, Google, or a SAML-based identity provider

  • Users authenticated via your own existing authentication process

With an identity pool, you can obtain temporary AWS credentials with permissions you define to directly access other AWS services or to access resources through Amazon API Gateway.

Sign Up for an AWS Account

To use Amazon Cognito identity pools, you need an AWS account. If you don't already have one, use the following procedure to sign up:

To sign up for an AWS account

  1. Open https://aws.amazon.com/, and then choose Create an AWS Account.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.

Create an Identity Pool in Amazon Cognito

You can quickly create an identity pool through the Amazon Cognito console, or you can use the AWS Command Line Interface (CLI) or the Amazon Cognito APIs.

To create a new identity pool in the console

  1. Sign in to the Amazon Cognito console, choose Manage Federated Identities, and then choose Create new identity pool.

  2. Type a name for your identity pool, and then select Enable access to unauthenticated identities.

  3. If desired, configure an authentication provider in the Authentication providers section. For more information, see Integrate the Identity Providers below.

  4. Choose Create Pool.

  5. Choose Allow to create the two default roles associated with your identity pool: one for unauthenticated users and one for authenticated users. These default roles provide your identity pool access to Amazon Cognito Sync. You can modify the roles associated with your identity pool in the IAM console. For additional instructions on working with the Amazon Cognito console, see Using the Amazon Cognito Console.
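
One way to check that the two roles from step 5 stay scoped after someone modifies them in the IAM console, as an added example that is not part of the original guide. It assumes each role's trust policy uses the `cognito-identity.amazonaws.com:aud` and `cognito-identity.amazonaws.com:amr` condition keys; the pool ID, sample policies, and function names are constructed for illustration.

```python
# Added example: audit the trust policies of an identity pool's two roles.
COGNITO = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, pool_id, expected_amr):
    """Return findings for one role's trust policy; an empty list means it is scoped."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or COGNITO not in federated:
            continue  # not a statement that lets Cognito identities assume the role
        cond = stmt.get("Condition", {})
        # aud must name this pool, otherwise identities from other pools match too.
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud", []))
        if aud != [pool_id]:
            findings.append(f"statement {i}: aud is not pinned to {pool_id}")
        # amr separates guests ("unauthenticated") from signed-in users ("authenticated").
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr", []))
        if amr != [expected_amr]:
            findings.append(f"statement {i}: amr is not pinned to '{expected_amr}'")
    return findings

def make_policy(condition):
    """Build a constructed sample trust policy with the given Condition block."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": COGNITO},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

def scoped(amr):
    return make_policy({"StringEquals": {COGNITO + ":aud": POOL_ID},
                        "ForAnyValue:StringLike": {COGNITO + ":amr": amr}})

if __name__ == "__main__":
    samples = {"unauth role, scoped": (scoped("unauthenticated"), "unauthenticated"),
               "auth role, accepts guests": (scoped("unauthenticated"), "authenticated"),
               "auth role, no Condition": (make_policy(None), "authenticated")}
    for name, (policy, amr) in samples.items():
        print(name, "->", audit_trust_policy(policy, POOL_ID, amr) or "OK")
```

In practice the `policy` argument would be the role's trust policy document as exported from IAM, checked once for the unauthenticated role and once for the authenticated role.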

Install the Mobile or JavaScript SDK

To use Amazon Cognito identity pools, you must install and configure the AWS Mobile or JavaScript SDK. For more information, see the following topics:

Integrate the Identity Providers

Amazon Cognito Federated Identities support user authentication through Amazon Cognito user pools, federated identity providers—including Amazon, Facebook, Google, and SAML identity providers—as well as unauthenticated identities. This feature also supports Developer Authenticated Identities, which lets you register and authenticate users via your own back-end authentication process.

To learn more about using an Amazon Cognito user pool to create your own user directory, see Amazon Cognito User Pools and Integrating User Pools with Federated Identities.

To learn more about using external identity providers, see External Identity Providers.

To learn more about integrating your own back-end authentication process, see Developer Authenticated Identities.

Get Credentials

Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have authenticated and received a token. With those AWS credentials your app can securely access a back end in AWS or outside AWS through Amazon API Gateway. See Getting Credentials.