Amazon Cognito SSO
Follow the sections in this guide to set up Amazon Cognito SSO.
Create Server Credentials
Step 1: Login to AWS Portal
- Login to Amazon AWS Portal.
- Search for
Cognitoin the search box and select Cognito Service from the dropdown menu.
Search for Cognito
Step 2: Setup User Pool
- Click on the "Create user pool" button if you do not have any user pools configured yet. Skip this step if you already have a user pool available.
- Select the type of ID providers you want to configure for your users and click "Next"
Setup User Pool
- Configure the security requirements in Step 2 as per your organizational needs and proceed to Step 3
- Configure the Sign-up experience in Step 3. Make sure to add email as a required attribute before proceeding to step 4
Configure Sign up Experience
- Configure message delivery as per your organizational needs and proceed to Step 5
- In Step 5, add a name for the user pool and check the "Use the Cognito Hosted UI" option and provide a Cognito domain as shown in the screenshot below
Integrate your App
- In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs
http://localhost:8585/callbackas shown in the screenshot below. Note: For production deployments, the Allowed callback URLs should be updated with the appropriate domain name.
Configure the App Client
- The last step is to Review and create the User Pool.
Step 3: Where to find the Credentials
User Pool IDcan be found in the User Pool summary page as seen in the screenshot below
User Pool ID
- The App client ID can be found under the "App Integration" tab of the User Pool page. There will be a section that lists all the App clients with client name and client ID as shown below
After the applying these steps, you can update the configuration of your deployment:
Docker Security Configure Amazon Cognito SSO for your Docker Deployment.
Bare Metal Security Configure Amazon Cognito SSO for your Bare Metal Deployment.
Kubernetes Security Configure Amazon Cognito SSO for your Kubernetes Deployment.
The ingestion can be configured by Enabling JWT Tokens.
When setting up the YAML config for the connector, update the
workflowConfig as follows:
workflowConfig: openMetadataServerConfig: hostPort: http://localhost:8585/api authProvider: openmetadata securityConfig: jwtToken: jwt_token