Amazon Cognito
Developer Guide

Using Federation for Amazon Cognito User Pools

Federation enables users to sign in to an Amazon Cognito user pool using an external identity provider. Currently, users can sign up and sign in through:

  • Corporate identity providers (IdPs), such as Microsoft Active Directory Federation Services, via SAML

  • Social identity providers, such as Facebook, Google, and Login with Amazon

Federation for Amazon Cognito user pools simplifies user management. It provides a unified user directory so that user profiles for all users from federated IdPs can be managed in your user pool. It simplifies authentication and authorization by providing a common set of tokens for all authenticated users from all IdPs, so backend systems can standardize on one set of tokens. It provides built-in integrations with IdPs, so developers can direct users to Amazon Cognito for sign-up or sign-in, and Amazon Cognito can manage the rest of the process. Amazon Cognito also provides a single sign-on (SSO) experience, allowing users to sign in once for access to multiple apps when those apps use the same Amazon Cognito user pool.