Amazon Cognito
Developer Guide

Adding SAML Identity Providers for Your User Pool

A SAML 2.0 identity provider is an entity in Amazon Cognito that describes an identity provider (IdP) that supports the SAML 2.0 standard. You can create and manage a SAML IdP in the AWS Management Console, or with the Amazon Cognito CLI or Amazon Cognito API calls. To get started with the console, see Step 4. Add Sign-in with a SAML Identity Provider to a User Pool (Optional).


SAML federation support in Amazon Cognito User Pools is independent of Amazon Cognito identity pools (federated identities).

Your user pool acts as a service provider (SP) on behalf of your application. Amazon Cognito supports SP-initiated single sign-on (SSO) as described in section 5.1.2 of the SAML V2.0 Technical Overview. The redirect endpoint for the POST binding is https://<domain_prefix>.auth.<region>
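
In an SP-initiated flow the service provider issues the AuthnRequest and the IdP's response answers that specific request. The following is an added example, not Amazon Cognito's code, of the correlation checks an SP can apply to a POSTed response; `ACS_URL`, `SP_ENTITY_ID`, `ServiceProvider` and `make_response` are hypothetical names with constructed values, and signature validation is out of scope here.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ACS_URL = "https://sp.example.test/acs"   # constructed placeholder, not a Cognito endpoint
SP_ENTITY_ID = "urn:example:sp"           # constructed placeholder

class ServiceProvider:
    """Tracks outstanding AuthnRequest IDs so only solicited responses are accepted."""
    def __init__(self):
        self.pending = set()

    def build_authn_request(self):
        """Return (request_id, SAMLRequest value for the HTTP-Redirect binding)."""
        req_id = "_" + uuid.uuid4().hex   # XML IDs must not start with a digit
        issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{req_id}" '
               f'Version="2.0" IssueInstant="{issued}" '
               f'AssertionConsumerServiceURL="{ACS_URL}">'
               f'<saml:Issuer xmlns:saml="{SAML}">{SP_ENTITY_ID}</saml:Issuer>'
               f'</samlp:AuthnRequest>')
        # Redirect binding: raw DEFLATE (no zlib header), then base64.
        comp = zlib.compressobj(wbits=-15)
        deflated = comp.compress(xml.encode()) + comp.flush()
        self.pending.add(req_id)
        return req_id, base64.b64encode(deflated).decode()

    def accept_response(self, saml_response_b64):
        """Check correlation fields only; a real SP must also verify the signature."""
        # For untrusted input, use a hardened XML parser such as defusedxml.
        root = ET.fromstring(base64.b64decode(saml_response_b64))
        if root.tag != f"{{{SAMLP}}}Response":
            return False, "not a samlp:Response"
        if root.get("Destination") != ACS_URL:
            return False, "wrong Destination"
        in_response_to = root.get("InResponseTo")
        if in_response_to not in self.pending:
            return False, "unsolicited or replayed response"
        self.pending.discard(in_response_to)   # each request ID is single-use
        return True, "ok"

def make_response(in_response_to, destination=ACS_URL):
    """Constructed, unsigned sample IdP response used only to exercise the checks."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
           f'Destination="{destination}"{attr}/>')
    return base64.b64encode(xml.encode()).decode()
```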