AWS Cognito
Allow users to sign in with AWS Cognito
AWS Cognito Integration
AWS Cognito User Pools integration enables you to leverage Amazon’s managed identity service for user authentication and management.
Prerequisites
- AWS account with Cognito access
- Cognito User Pool configured
- SendAuth subdomain configured
Configuration Steps
1. Configure Cognito App Client
Create a Traditional web application app client in Cognito.
email attribute.
Name your app client “SendAuth”.
After the client is created, click the Login pages tab and then Edit.
For Allowed callback URLs, add a SendAuth callback URL: https://<your-subdomain>.app.sendauth.com/oauth/callback, replacing <your-subdomain> with the subdomain configured in your SendAuth account.
Under OpenID Connect scopes, ensure Email and OpenID are selected. Optionally, add Phone (if you want to automatically sync Cognito users’ phone numbers to SendAuth).
Click Save changes.
2. Gather Client Integration Information
The app client view shows copyable values for both Client ID and Client secret. You will need both values to configure Cognito in SendAuth.
On the Overview, there’s a copyable User pool ID. You will need that, too.
3. Set Up Identity Provider
In SendAuth, navigate to Settings, then click the Authentication tab. Set Use local authentication to Disabled.
Issuer will be in the format https://cognito-idp.<aws-region>.amazonaws.com/<user-pool-id>, substituting your region (e.g., us-east-1) for <aws-region> and your User pool ID from step 2 for <user-pool-id>.
Client ID will be the Client ID from step 2.
Client Secret will be the Client secret from step 2.

Click Save.
Once configured, users who visit https://<your-subdomain>.app.sendauth.com will be sent to your Cognito instance when they need to sign in.
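A pre-flight check for the values gathered in step 2, added here as an example and not SendAuth's or AWS's own code: it derives the Issuer and callback URL in the formats given above and compares an OIDC discovery document against them. The `/.well-known/openid-configuration` path is the standard OIDC discovery location; the function names, pool ID, subdomain and sample document are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Cognito user pool IDs look like "<region>_<suffix>", e.g. us-east-1_EXAMPLE123.
POOL_ID_RE = re.compile(r"^(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)_[A-Za-z0-9]+$")
SUBDOMAIN_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def build_settings(region, user_pool_id, subdomain):
    """Derive the values entered in steps 1 and 3 from the step 2 inputs."""
    m = POOL_ID_RE.match(user_pool_id)
    if not m:
        raise ValueError(f"not a user pool ID: {user_pool_id!r}")
    if m.group("region") != region:
        raise ValueError(f"pool is in {m.group('region')}, not {region}")
    if not SUBDOMAIN_RE.match(subdomain):
        raise ValueError(f"bad subdomain label: {subdomain!r}")
    issuer = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    return {
        "issuer": issuer,
        "discovery_url": issuer + "/.well-known/openid-configuration",
        "callback_url": f"https://{subdomain}.app.sendauth.com/oauth/callback",
    }

def check_discovery(settings, doc, scopes=("openid", "email")):
    """Compare a fetched discovery document with the derived settings."""
    problems = []
    # The issuer must match exactly; a trailing slash or wrong region breaks sign-in.
    if doc.get("issuer") != settings["issuer"]:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} missing or not https")
    missing = sorted(set(scopes) - set(doc.get("scopes_supported", scopes)))
    if missing:
        problems.append(f"scopes not advertised: {missing}")
    return problems

# Constructed sample values; the pool ID and subdomain are placeholders.
SETTINGS = build_settings("us-east-1", "us-east-1_EXAMPLE123", "acme")
SAMPLE_DOC = {  # constructed, shaped like an OIDC discovery document
    "issuer": SETTINGS["issuer"],
    "authorization_endpoint": "https://auth.example.com/oauth2/authorize",
    "token_endpoint": "https://auth.example.com/oauth2/token",
    "jwks_uri": SETTINGS["issuer"] + "/.well-known/jwks.json",
    "scopes_supported": ["openid", "email", "phone", "profile"],
}

if __name__ == "__main__":
    print(SETTINGS, check_discovery(SETTINGS, SAMPLE_DOC) or "discovery matches")
```

To check a real pool, fetch `discovery_url` over HTTPS and pass the parsed JSON to `check_discovery` in place of the sample document.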