AWS Documentation » Amazon Cognito » Developer Guide » Amazon Cognito User Pools » Adding User Pool Sign-in Through a Third Party » Adding SAML Identity Providers for Your User Pool

Adding SAML Identity Providers for Your User Pool

A SAML 2.0 identity provider is an entity in Amazon Cognito that describes an identity provider (IdP) that supports the SAML 2.0 standard. You can create and manage a SAML IdP in the AWS Management Console, or with Amazon Cognito CLI or Amazon Cognito API calls. To get started with the console see Step 4. Add Sign-in with a SAML Identity Provider to a User Pool (Optional).

Note

SAML federation support in Amazon Cognito User Pools is independent of Amazon Cognito identity pools (federated identities).

Your user pool acts as a service provider (SP) on behalf of your application. Amazon Cognito supports SP-initiated single sign-on (SSO) as described in section 5.1.2 of the SAML V2.0 Technical Overview. The redirect endpoint for the POST binding is https://<domain_prefix>.auth.<region>.amazoncognito.com/saml2/idpresponse.

Topics

• SAML User Pool IdP Authentication Flow
• Integrating Third-Party SAML Identity Providers with Amazon Cognito User Pools
• Specifying Identity Provider Attribute Mappings for Your User Pool