Entra ID's user.objectid attribute is unique to each user, unlike other user attributes, so it is the recommended identifier.
In Entra ID, under User Attributes & Claims, the Unique User Identifier claim value should be set to user.objectid so that this is the identifier AWS Cognito receives.
In Entra ID's single sign-on section, the Token endpoint value should be set to: https://cognito_domain_url/oauth2/token
The Federation metadata URL must be retrieved from Entra ID, copied, and added to the identity provider configuration in AWS Cognito.
Entra ID must be added as an identity provider under Federated identity providers when configuring the AWS Cognito user pool.
The attributes to be mapped from the SAML assertion to the Cognito user pool schema must be defined.
After successful authentication through the external IdP, the user is created in the Cognito user pool and the `identities` user attribute stores the federation metadata.
The user's fields are updated on each validation, so the attributes passed in the JWT stay up to date.
By following these steps you get a fully functioning federated authentication solution with an external Entra ID and can ensure that identity data stays consistent.
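As an added example (not part of the original notes), the check below shows what "identity data stays consistent" means in practice: a backend inspects the ID token claims of a federated user and verifies that the linked `identities` entry is the SAML provider, that its NameID is an Entra object ID (a GUID), and that the expected attributes were mapped. The provider name `EntraID`, the sample claims and the `<ProviderName>_<NameID>` username convention are assumptions of this example.

```python
import json
import re
from typing import Any, Dict, List

# Entra ID object IDs are GUIDs; this is what the Unique User Identifier claim carries.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)


def parse_identities(raw: Any) -> List[Dict[str, Any]]:
    """Cognito stores the `identities` user attribute as a JSON-encoded array string;
    in an ID token it may already be a list. Accept both forms."""
    if isinstance(raw, str):
        raw = json.loads(raw)
    if not isinstance(raw, list):
        raise ValueError("identities must be a JSON array")
    return raw


def check_federated_claims(claims: Dict[str, Any], provider_name: str) -> List[str]:
    """Return a list of consistency problems; an empty list means the claims are consistent."""
    problems: List[str] = []
    try:
        identities = parse_identities(claims.get("identities", "[]"))
    except ValueError as exc:
        return [str(exc)]
    linked = [i for i in identities if i.get("providerName") == provider_name]
    if not linked:
        return [f"no identity linked to provider {provider_name}"]
    ident = linked[0]
    if ident.get("providerType") != "SAML":
        problems.append(f"providerType is {ident.get('providerType')!r}, expected 'SAML'")
    user_id = ident.get("userId", "")
    if not GUID_RE.match(user_id):
        problems.append("NameID is not an Entra object ID (GUID); check the Unique User Identifier claim")
    # Assumption: federated Cognito usernames follow <ProviderName>_<NameID>.
    expected_username = f"{provider_name}_{user_id}"
    if claims.get("cognito:username") != expected_username:
        problems.append(f"cognito:username {claims.get('cognito:username')!r} != {expected_username!r}")
    if not claims.get("email"):
        problems.append("email attribute not mapped from the SAML assertion")
    return problems


# Constructed sample ID token payload for a federated Entra ID user (not real data).
SAMPLE_CLAIMS = {
    "sub": "11111111-2222-3333-4444-555555555555",
    "cognito:username": "EntraID_0f1d4c52-9a7b-4e3e-8c21-7b6f1a2d3e4f",
    "identities": [{"userId": "0f1d4c52-9a7b-4e3e-8c21-7b6f1a2d3e4f", "providerName": "EntraID",
                    "providerType": "SAML", "primary": True}],
    "email": "alice@example.com",
}
```

Run it against the claims of a freshly issued ID token after each login; a non-empty result usually means the Name ID claim or the attribute mapping in the user pool drifted from this configuration.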