Amazon Cognito SSO

Follow the sections in this guide to set up Amazon Cognito SSO.

  • Login to Amazon AWS Portal.
  • Search for Cognito in the search box and select Cognito Service from the dropdown menu.
create-account

Search for Cognito

  • Click on the "Create user pool" button if you do not have any user pools configured yet. Skip this step if you already have a user pool available.
  • Select the type of ID providers you want to configure for your users and click "Next"
create-account

Setup User Pool

  • Configure the security requirements in Step 2 as per your organizational needs and proceed to Step 3
  • Configure the Sign-up experience in Step 3. Make sure to add email as a required attribute before proceeding to step 4
create-account

Configure Sign up Experience

  • Configure message delivery as per your organizational needs and proceed to Step 5
  • In Step 5, add a name for the user pool and check the "Use the Cognito Hosted UI" option and provide a Cognito domain as shown in the screenshot below
create-account

Integrate your App

  • In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs with http://localhost:8585/callback as shown in the screenshot below. Note: For production deployments, the Allowed callback URLs should be updated with the appropriate domain name.
create-account

Configure the App Client

  • The last step is to Review and create the User Pool.
  • The User Pool ID can be found in the User Pool summary page as seen in the screenshot below
create-account

User Pool ID

  • The App client ID can be found under the "App Integration" tab of the User Pool page. There will be a section that lists all the App clients with client name and client ID as shown below
create-account
create-account

Client ID

After the applying these steps, you can update the configuration of your deployment:

The ingestion can be configured by Enabling JWT Tokens.

When setting up the YAML config for the connector, update the workflowConfig as follows:

workflowConfig:
  openMetadataServerConfig:
    hostPort: http://localhost:8585/api
    authProvider: openmetadata
    securityConfig:
      jwtToken: jwt_token

Still have questions?

You can take a look at our Q&A or reach out to us in Slack

Was this page helpful?

editSuggest edits