Setting up AWS Cognito as an Identity Provider
Follow the steps below to set up AWS Cognito as an Identity Provider.
Obtain AWS Cognito information
In order for Aserto to communicate with AWS Cognito, you'll need four pieces of information:
- AWS Access Key
- AWS Secret Key
- Region
- Cognito User Pool ID
Create a dedicated set of AWS credentials for the Aserto console rather than reusing existing keys, and grant them only the permissions needed to read the user pool.
Cognito User Pools are specific to a region. Pick the region you would like to import users and groups from in the AWS Console.
Then navigate to the Cognito tab, and pick the User Pool you'd like to import from:
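Before pasting the values into the console, a few offline checks catch the most common mix-up: a user pool ID from a different region than the one you picked (pool IDs carry the region as a prefix, e.g. `us-west-2_...`). The POSIX shell script below is an added example, not part of the Aserto documentation; the sample credentials and account ID are constructed placeholders, and the IAM action list is an assumption about what a read-only user and group import needs, not a statement of which API calls Aserto makes.

```shell
#!/bin/sh
# Added example (not from the Aserto docs): offline sanity checks for the four
# values before they go into the Aserto console, plus a least-privilege IAM
# policy for the dedicated credentials. Sample values are constructed; the IAM
# action list is an assumption for a read-only user/group import.

# A Cognito User Pool ID has the form "<region>_<id>", so the region chosen in
# the console must match the prefix of the pool ID. Returns 0 on match.
cognito_region_matches_pool() {
  region="$1"
  pool_id="$2"
  case "$pool_id" in
    "${region}_"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Format check only: an AWS access key ID is 20 uppercase letters/digits.
# It cannot tell whether the key is active or has the right permissions.
looks_like_access_key_id() {
  printf '%s' "$1" | grep -Eq '^[A-Z0-9]{20}$'
}

# Format check only: an AWS secret access key is 40 characters long.
looks_like_secret_key() {
  [ "${#1}" -eq 40 ]
}

# Emit a read-only IAM policy scoped to a single user pool ARN
# (arn:aws:cognito-idp:<region>:<account>:userpool/<pool id>).
cognito_readonly_policy() {
  region="$1"
  account="$2"
  pool_id="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cognito-idp:DescribeUserPool",
        "cognito-idp:ListUsers",
        "cognito-idp:ListGroups",
        "cognito-idp:ListUsersInGroup"
      ],
      "Resource": "arn:aws:cognito-idp:${region}:${account}:userpool/${pool_id}"
    }
  ]
}
EOF
}

# Run all checks; prints one line per problem and returns non-zero if any fail.
check_cognito_inputs() {
  region="$1"; access_key="$2"; secret_key="$3"; pool_id="$4"
  rc=0
  cognito_region_matches_pool "$region" "$pool_id" \
    || { echo "region '$region' does not match pool ID '$pool_id'"; rc=1; }
  looks_like_access_key_id "$access_key" \
    || { echo "access key ID is not 20 uppercase alphanumerics"; rc=1; }
  looks_like_secret_key "$secret_key" \
    || { echo "secret key is not 40 characters"; rc=1; }
  return $rc
}

# Constructed sample values (placeholders, not real credentials).
REGION="us-west-2"
ACCESS_KEY="AKIAEXAMPLEEXAMPLE12"                       # 20 chars
SECRET_KEY="ExampleSecretKeyExampleSecretKey12345678"   # 40 chars
POOL_ID="us-west-2_AbCdEfGhI"
ACCOUNT_ID="123456789012"

if check_cognito_inputs "$REGION" "$ACCESS_KEY" "$SECRET_KEY" "$POOL_ID"; then
  echo "inputs look consistent; suggested IAM policy:"
  cognito_readonly_policy "$REGION" "$ACCOUNT_ID" "$POOL_ID"
fi

# With the AWS CLI installed and credentials configured, list the pools in the
# chosen region to confirm the pool ID (skipped when the CLI is absent).
if command -v aws >/dev/null 2>&1; then
  aws cognito-idp list-user-pools --max-results 60 --region "$REGION" || true
fi
```

Attach the emitted policy to the IAM user whose access key you paste into the console; if the connection later reports missing permissions, widen the action list from the error rather than granting full Cognito access.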
Connect AWS Cognito to Aserto
To connect AWS Cognito to Aserto as an identity provider, head to the Aserto console and open the Connections tab.
In the Connections tab, click the "Add a Connection" button. In the following screen, use the "AWS Cognito" provider. Name the connection "cognito" and use the display name "AWS Cognito". Then, paste the AWS Region (for example, us-west-2); AWS Access Key; AWS Secret Key; and Cognito User Pool ID into their corresponding fields.
If you'd like to retrieve groups as well as users, turn on the corresponding checkbox.
Finally, click the "Add connection" button to save the connection. Aserto will now automatically sync your AWS Cognito users to the Aserto directory.