Salesforce

Use AWS Cognito for OpenID

Printable View
« Go Back
Information
Use AWS Cognito for OpenID
000008236
Public
Product Selection
aiWare - aiWare
Article Details

AWS Cognito user pools can be used as an OpenID Connect Provider (OIDC). OpenID connect is an authentication protocol built on OAuth 2.0 that can be used securely for user authentication.

Create an AWS Cognito OpenID app client

In the AWS Management Console, perform the following steps:

  1. Navigate to the Cognito service.

  2. Select or create a user pool. 

  3. Within the selected user pool, navigate to the App Clients and select Create app client.

    • Select "Traditional web application."

    • Name the application.

    • If the aiWARE connector Callback URI is available, add that as the Return URL. Otherwise, leave as is. It can be added later.

    • Select "Create app client."

  1. Once the application is created, navigate to the "Login pages" tab within that application.

    • Add the following scopes: email, openid, and profile.

    • Update the Return URL if necessary.

    • Save changes.

Configure an aiWARE organization and authentication login connector

To configure your aiWARE organization to use an AWS OpenID app client for authentication, you need at least one user with the Admin role in your aiWARE organization. The Admin role is required to link the aiWARE Organization to the OpenID Connect Provider. For more information about adding admins and users, see Administrators and organizations.

For these steps, you will need:

  • Client ID
  • Client Secret
  • Issuer URL

Both the Client ID and Client Secret can be gathered from the App Client Information section of the target App Client.

  1. Access the Admin Center utility by logging in to your aiWARE administrative account. In the header bar, select the utility icon utility icon and then Admin Center Admin Center icon. Admin Center slides out as a panel.

  2. Click IAM in the left navigation panel. The Identity and Access Management panel appears.

  3. Click Add New to open the Log In Connector wizard. Fill out the Provider Configuration options:

    • Name - Enter a name for the connection

    • (Optional) Description - Enter a description for the connection

    • (Optional) Website URL - Enter the value for the application domain

    • Client ID - Enter the Client ID value noted above

    • Client Secret - Enter the Client Secret value noted above

    • Issuer URL - Enter a URL that follows this form: https://cognito-idp.{region}.amazonaws.com/{user_pool_id}/.well-known/openid-configuration

  4. Click Next.

  5. Fill out the Button Design options. These represent the login button users see when logging into aiWARE, once connected.

    • Button text label - Descriptive title seen at login screen. This must always start with "Login with…"

    • (Optional) Button Logo

    • (Optional) Customize the color and text color of your button

  6. Click Create. A new OIDC Provider section appears on the screen with a Callback URL.

  7. Click Copy Callback URI. This URI is used to populate the Callback URL in the AWS Cognito app client "Login pages" configuration area. Ensure that the Callback URL is updated if the AWS Cognito app client has already been created.
Additional Technical Documentation Information
Properties
4/3/2025 9:30 PM
4/3/2025 10:55 PM
4/3/2025 10:55 PM
Documentation
Documentation
000008236
Translation Information
English
Powered by