SlideShare uma empresa Scribd logo

Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks

Amazon Web Services
Amazon Web Services

- Understand user identity and federation principles and practices - Learn how Amazon Cognito works with federated identity providers - See how to use Amazon Cognito to add the forms for user Sign-up and Sign-in to an application

1 de 30
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tim Hunt, Sr. Product Manager, Amazon Cognito September 12, 2017 Deep Dive on User Sign-up and Sign-in with Amazon Cognito
Topics  AWS Mobile Services and Amazon Cognito  Introduction to Amazon Cognito User Pools  Summary of Features  Demo  Sample Use Cases  Getting Started  Q & A
Authenticate users Analyze User Behavior Store and share media Synchronize data Deliver media Amazon Cognito (Sync) Amazon Cognito (Identity) Amazon S3 Amazon CloudFront Store data Amazon DynamoDB Amazon RDS Run Targeted Campaigns Send push notifications Amazon SNS Mobile Push Server-side logic Lambda Device Farm Test your app Build and Scale Your Apps on AWS Amazon Pinpoint Amazon Pinpoint
AWS Mobile Hub: Fastest Way to Build Apps on AWS
Identity is mission critical for applications Authentication User ManagementAuthorization  Manage user lifecycles  Store and manage user profile data  Monitor engagement  Protect data and operations  Provide fine-grained access control  Sign in users  Enable federation with enterprise identities  Enable federation with social identities User Identity
Your User Pools Add user sign-up and sign- in easily to your mobile and web apps without worrying about server infrastructure Serverless Authentication and User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory 1 2 3
Comprehensive User Flows Email or Phone Number Verification Forgot Password User Sign-Up and Sign-In Require users to verify their email address or phone number prior to activating their account with a one-time password challenge Provide users the ability to change their password when they forget it with a one- time password challenge Allow users to sign up and sign in using an email, phone number, or username (and password) for your application. User Profile Data Enable users to view and update their profile data – including custom attributes SMS Multifactor Authentication Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow Customize these User Flows Using Lambda Token Based Authentication Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
Custom User Flows Using Lambda Hooks 8 Category Lambda Hook Example Scenarios Custom Authentication Flow Define Auth Challenge Determines the next challenge in a custom auth flow Create Auth Challenge Creates a challenge in a custom auth flow Verify Auth Challenge Response Determines if a response is correct in a custom auth flow Authentication Events Pre Authentication Custom validation to accept or deny the sign-in request Post Authentication Event logging for custom analytics Sign-Up Pre Sign-up Custom validation to accept or deny the sign-up request Post Confirmation Custom welcome messages or event logging for custom analytics Messages Custom Message Advanced customization and localization of messages
Extensive Admin Capabilities Define Custom Attributes Set per-App Permissions Set up Password Policies Create and manage User Pools Define custom attributes for your user profiles Set read and write permissions for each user attribute on a per-app basis Enforce password policies like minimum length and requirement of certain types of characters Create, configure, and delete multiple user pools across AWS regions Require Submission of Attribute Data Select which attributes must be provided by the user prior to completion of the sign-up process Search Users Search users based on a full match or a prefix match of their attributes through the console or Admin API Manage Users Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
App Integration and Federation in User Pools Built-in, Customizable User Interface for Sign up / Sign in OAuth 2.0 SupportFederation with Facebook, Login with Amazon, Google, and SAML providers 1 2 3
Built-in, Customizable User Interface Upload your own logo and adjust CSS properties to fit your style and branding
Federation with Cognito User Pools • Built-in integrations with identity providers • Social: Facebook, Google, Login with Amazon • Corporate via SAML 2.0 • Map user attributes into User Pool profiles • Universal directory with common set of profiles and tokens for all users CUP Token Cognito User Pool
Support for OAuth 2.0 in Cognito User Pools • OAuth 2.0 flows: • Authorization code • Implicit • Client credentials • Custom scopes defined for resource servers
Cognito Federated Identities (Identity Pools) • Exchanges tokens from authenticated users for AWS credentials to access resources such as S3 or DynamoDB • You can defined rules for mapping users to different IAM roles to manage permissions • Provides an identity pool id to uniquely identify users Cognito Identity Pool AWS Credentials / / etc token Mobile or web app DynamoDB S3 API GW Access backend resources - tied to IAM role 1 3 2
Two Ways to Federate with Amazon Cognito Cognito User Pools Cognito Identity Pools • Handles the IdP interactions for you • Provides profiles to manage users • Provides OpenID Connect and OAuth2.0 standard tokens • Priced per monthly active user • Provides AWS credentials for accessing resources on behalf of users • Supports rules to map users to different IAM roles • Free
Amazon Cognito for Authentication and Access Get AWS credentials Cognito Identity PoolDynamoDB S3 Access AWS Services Federating IdP Cognito User Pool• User Pools authenticate users and returns standard tokens • User Pool tokens are used to access backend resources • Identity Pools provide AWS credentials to access AWS services Authenticate 3 CUP Token1 IdP Token 2 Redirect / Post back CUP Token 5 6 Access Serverless BackendCUP Token API GW 4 Lambda
Demo
Amazon Cognito: Identity Management Scenarios Business to Consumer Business to Business Business to Employee IoT Scenarios Enterprise DirectoryEnterprise Directory SAML Enterprise Directory SAML AWS IoT
Amazon Cognito: Authorization Scenarios Standalone Identity Provider Amazon API Gateway AWS Credentials Resources • OIDC and OAuth 2.0 tokens from User Pools can be used directly to access backend resources CUP Token CUP Token CUP Token CUP Token AWS IAM AWS Credentials AWS Services S3DDBLambda • User Pool tokens authorize requests via Amazon API Gateway • Token claims can be inspected • Temporary AWS credentials provide access to AWS services • Users can be mapped to different roles and policies API GW
Cognito User Pools and Amazon API Gateway Native Support Custom Authorizer Function Control access to your APIs using bearer token authentication strategies, such as OAuth or SAML – API Gateway’s custom authorizer feature uses bearer tokens to determine access privileges Configure API Gateway to accept ID tokens to authorize users based on their existence in a user pool – User Pools works together with API Gateway to authorize API requests 1 2
Getting Started with Your User Pools See aws.amazon.com/cognito/dev-resources/ for links to  Getting Started Guides  Documentation, SDKs, and Sample Apps  Videos  Presentation Slides  Blog Posts  Developer Forums
Q & A  Visit aws.amazon.com/cognito/ to learn more  Find resources at aws.amazon.com/cognito/dev-resources/  Ask questions at the AWS Developer Forum or Stack Overflow (‘amazon-cognito’ tag)
Thank you!
Appendix
Groups Cognito User Pools Groups and Multiple Authenticated Roles Group A IAM Role A Group B IAM Role B … Authenticated User Identity Get Credentials Multiple Roles for Authenticated Identities Cognito Federated Identities IAM Role and Policy IAM Role and Policy IAM Role and Policy Backend Resources MaptodifferentIAMroles API Gateway DynamoDB S3 ControlAccess
Control Attribute Permissions Choose which user attributes each app can read and write Read Write name phone custom:paid
Creating Users as an Administrator  Developers or administrators can create users in a user pool and send them an optional, customizable invitation email or SMS message  New users sign in with a temporary password and create a new password  User pools can be configured to only allow users created by an administrator
Importing Existing Users Batch Imports  Import users by uploading .csv files  Users will create a new password when they first sign-in  Each imported user must have an email address or a phone number One-at-a-Time Migration  Migrate users individually as they sign in  App first tries to sign in via Cognito, if user does not exist, app signs in via prior identity system, captures username and password, and silently creates user in Cognito  Retains passwords, but requires app coding and maintenance of prior system for some period Prior IdP
Understanding User Status  New users start with “Registered” status  Users must be confirmed before they can sign-in  Users must be disabled before they can be deleted Registered (cannot sign in) Sign-up Confirmed Disabled Admin Confirm Confirm via email/phone or Disable Delete (deleted) Lambda Trigger: Pre Sign-up Reset Required User import Force Change Password Admin Create User Reset password Enable
Verifying Email and Phone  Your User Pools provide built-in verification of email addresses and phone numbers  A six digit code is sent as an email message or SMS text and is submitted via the VerifyUserAttribute API  If both a phone number and email address are provided at sign-up, a verification code will only be sent to the phone  Your app can call GetUser to see if an email address or phone number is awaiting verification, and then call GetUserAttributeVerificationCode to initiate the verification Your verification code is 938764

Recomendados

Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Web Services
 
Amazon Cognito
Amazon CognitoAmazon Cognito
Amazon CognitoAmazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and securityErik Paulsson
 
[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안
[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안
[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안BESPIN GLOBAL
 
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...Amazon Web Services
 

Recomendados

Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Web Services
 
Amazon Cognito
Amazon CognitoAmazon Cognito
Amazon CognitoAmazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
AWS IAM and security
AWS IAM and securityAWS IAM and security
AWS IAM and securityErik Paulsson
 
[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안
[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안
[AWS & 베스핀글로벌, 바이오∙헬스케어∙제약사를 위한 세미나] AWS 클라우드 보안BESPIN GLOBAL
 
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M...Amazon Web Services
 
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017Amazon Web Services Korea
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSAmazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive [2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive Amazon Web Services Korea
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Amazon Web Services
 
AWS Cloud trail
AWS Cloud trailAWS Cloud trail
AWS Cloud trailzekeLabs Technologies
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...Amazon Web Services
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayAmazon Web Services
 
AWS SQS SNS
AWS SQS SNSAWS SQS SNS
AWS SQS SNSDurgesh Vaishnav
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要Amazon Web Services Japan
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어Kyle(KY) Yang
 
20200630 AWS Black Belt Online Seminar Amazon Cognito
20200630 AWS Black Belt Online Seminar Amazon Cognito20200630 AWS Black Belt Online Seminar Amazon Cognito
20200630 AWS Black Belt Online Seminar Amazon CognitoAmazon Web Services Japan
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017Amazon Web Services Korea
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSAmazon Web Services
 
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive [2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive Amazon Web Services Korea
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Amazon Web Services
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...Amazon Web Services
 
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要Amazon Web Services Japan
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어Kyle(KY) Yang
 
20200630 AWS Black Belt Online Seminar Amazon Cognito
20200630 AWS Black Belt Online Seminar Amazon Cognito20200630 AWS Black Belt Online Seminar Amazon Cognito
20200630 AWS Black Belt Online Seminar Amazon CognitoAmazon Web Services Japan
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 

Mais procurados (20)

Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
Amazon Cognito를 활용한 모바일 인증 및 보안, 자원 접근 제어 기법 - AWS Summit Seoul 2017
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM Introduction
 
How to use IAM roles grant access to AWS
How to use IAM roles grant access to AWSHow to use IAM roles grant access to AWS
How to use IAM roles grant access to AWS
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive [2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
 
AWS Cloud trail
AWS Cloud trailAWS Cloud trail
AWS Cloud trail
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets Manager
 
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
Deep Dive on Amazon S3 Storage Classes: Creating Cost Efficiencies across You...
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
 
AWS SQS SNS
AWS SQS SNSAWS SQS SNS
AWS SQS SNS
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
20190730 AWS Black Belt Online Seminar Amazon CloudFrontの概要
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어
 
20200630 AWS Black Belt Online Seminar Amazon Cognito
20200630 AWS Black Belt Online Seminar Amazon Cognito20200630 AWS Black Belt Online Seminar Amazon Cognito
20200630 AWS Black Belt Online Seminar Amazon Cognito
 
Azure Identity and access management
Azure Identity and access managementAzure Identity and access management
Azure Identity and access management
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
 

Semelhante a Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks

Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Amazon Web Services
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAmazon Web Services
 
Getting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesGetting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesAmazon Web Services
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and AuthenticationAmazon Web Services
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesVladimir Budilov
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAmazon Web Services
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile DevelopersAmazon Web Services
 
User Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoUser Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoAmazon Web Services
 
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Amazon Web Services
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access ServicesAmazon Web Services
 

Semelhante a Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks (20)

Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon Cognito
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
Getting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesGetting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar Series
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and Authentication
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutes
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon Cognito
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile Developers
 
User Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoUser Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon Cognito
 
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
 
SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services SID201 Overview of AWS Identity, Directory, and Access Services
SID201 Overview of AWS Identity, Directory, and Access Services
 
Building Secure Mobile APIs
Building Secure Mobile APIsBuilding Secure Mobile APIs
Building Secure Mobile APIs
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tim Hunt, Sr. Product Manager, Amazon Cognito September 12, 2017 Deep Dive on User Sign-up and Sign-in with Amazon Cognito
  • 2. Topics  AWS Mobile Services and Amazon Cognito  Introduction to Amazon Cognito User Pools  Summary of Features  Demo  Sample Use Cases  Getting Started  Q & A
  • 3. Authenticate users Analyze User Behavior Store and share media Synchronize data Deliver media Amazon Cognito (Sync) Amazon Cognito (Identity) Amazon S3 Amazon CloudFront Store data Amazon DynamoDB Amazon RDS Run Targeted Campaigns Send push notifications Amazon SNS Mobile Push Server-side logic Lambda Device Farm Test your app Build and Scale Your Apps on AWS Amazon Pinpoint Amazon Pinpoint
  • 4. AWS Mobile Hub: Fastest Way to Build Apps on AWS
  • 5. Identity is mission critical for applications Authentication User ManagementAuthorization  Manage user lifecycles  Store and manage user profile data  Monitor engagement  Protect data and operations  Provide fine-grained access control  Sign in users  Enable federation with enterprise identities  Enable federation with social identities User Identity
  • 6. Your User Pools Add user sign-up and sign- in easily to your mobile and web apps without worrying about server infrastructure Serverless Authentication and User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory 1 2 3
  • 7. Comprehensive User Flows Email or Phone Number Verification Forgot Password User Sign-Up and Sign-In Require users to verify their email address or phone number prior to activating their account with a one-time password challenge Provide users the ability to change their password when they forget it with a one- time password challenge Allow users to sign up and sign in using an email, phone number, or username (and password) for your application. User Profile Data Enable users to view and update their profile data – including custom attributes SMS Multifactor Authentication Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow Customize these User Flows Using Lambda Token Based Authentication Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
  • 8. Custom User Flows Using Lambda Hooks 8 Category Lambda Hook Example Scenarios Custom Authentication Flow Define Auth Challenge Determines the next challenge in a custom auth flow Create Auth Challenge Creates a challenge in a custom auth flow Verify Auth Challenge Response Determines if a response is correct in a custom auth flow Authentication Events Pre Authentication Custom validation to accept or deny the sign-in request Post Authentication Event logging for custom analytics Sign-Up Pre Sign-up Custom validation to accept or deny the sign-up request Post Confirmation Custom welcome messages or event logging for custom analytics Messages Custom Message Advanced customization and localization of messages
  • 9. Extensive Admin Capabilities Define Custom Attributes Set per-App Permissions Set up Password Policies Create and manage User Pools Define custom attributes for your user profiles Set read and write permissions for each user attribute on a per-app basis Enforce password policies like minimum length and requirement of certain types of characters Create, configure, and delete multiple user pools across AWS regions Require Submission of Attribute Data Select which attributes must be provided by the user prior to completion of the sign-up process Search Users Search users based on a full match or a prefix match of their attributes through the console or Admin API Manage Users Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
  • 10. App Integration and Federation in User Pools Built-in, Customizable User Interface for Sign up / Sign in OAuth 2.0 SupportFederation with Facebook, Login with Amazon, Google, and SAML providers 1 2 3
  • 11. Built-in, Customizable User Interface Upload your own logo and adjust CSS properties to fit your style and branding
  • 12. Federation with Cognito User Pools • Built-in integrations with identity providers • Social: Facebook, Google, Login with Amazon • Corporate via SAML 2.0 • Map user attributes into User Pool profiles • Universal directory with common set of profiles and tokens for all users CUP Token Cognito User Pool
  • 13. Support for OAuth 2.0 in Cognito User Pools • OAuth 2.0 flows: • Authorization code • Implicit • Client credentials • Custom scopes defined for resource servers
  • 14. Cognito Federated Identities (Identity Pools) • Exchanges tokens from authenticated users for AWS credentials to access resources such as S3 or DynamoDB • You can defined rules for mapping users to different IAM roles to manage permissions • Provides an identity pool id to uniquely identify users Cognito Identity Pool AWS Credentials / / etc token Mobile or web app DynamoDB S3 API GW Access backend resources - tied to IAM role 1 3 2
  • 15. Two Ways to Federate with Amazon Cognito Cognito User Pools Cognito Identity Pools • Handles the IdP interactions for you • Provides profiles to manage users • Provides OpenID Connect and OAuth2.0 standard tokens • Priced per monthly active user • Provides AWS credentials for accessing resources on behalf of users • Supports rules to map users to different IAM roles • Free
  • 16. Amazon Cognito for Authentication and Access Get AWS credentials Cognito Identity PoolDynamoDB S3 Access AWS Services Federating IdP Cognito User Pool• User Pools authenticate users and returns standard tokens • User Pool tokens are used to access backend resources • Identity Pools provide AWS credentials to access AWS services Authenticate 3 CUP Token1 IdP Token 2 Redirect / Post back CUP Token 5 6 Access Serverless BackendCUP Token API GW 4 Lambda
  • 17. Demo
  • 18. Amazon Cognito: Identity Management Scenarios Business to Consumer Business to Business Business to Employee IoT Scenarios Enterprise DirectoryEnterprise Directory SAML Enterprise Directory SAML AWS IoT
  • 19. Amazon Cognito: Authorization Scenarios Standalone Identity Provider Amazon API Gateway AWS Credentials Resources • OIDC and OAuth 2.0 tokens from User Pools can be used directly to access backend resources CUP Token CUP Token CUP Token CUP Token AWS IAM AWS Credentials AWS Services S3DDBLambda • User Pool tokens authorize requests via Amazon API Gateway • Token claims can be inspected • Temporary AWS credentials provide access to AWS services • Users can be mapped to different roles and policies API GW
  • 20. Cognito User Pools and Amazon API Gateway Native Support Custom Authorizer Function Control access to your APIs using bearer token authentication strategies, such as OAuth or SAML – API Gateway’s custom authorizer feature uses bearer tokens to determine access privileges Configure API Gateway to accept ID tokens to authorize users based on their existence in a user pool – User Pools works together with API Gateway to authorize API requests 1 2
  • 21. Getting Started with Your User Pools See aws.amazon.com/cognito/dev-resources/ for links to  Getting Started Guides  Documentation, SDKs, and Sample Apps  Videos  Presentation Slides  Blog Posts  Developer Forums
  • 22. Q & A  Visit aws.amazon.com/cognito/ to learn more  Find resources at aws.amazon.com/cognito/dev-resources/  Ask questions at the AWS Developer Forum or Stack Overflow (‘amazon-cognito’ tag)
  • 25. Groups Cognito User Pools Groups and Multiple Authenticated Roles Group A IAM Role A Group B IAM Role B … Authenticated User Identity Get Credentials Multiple Roles for Authenticated Identities Cognito Federated Identities IAM Role and Policy IAM Role and Policy IAM Role and Policy Backend Resources MaptodifferentIAMroles API Gateway DynamoDB S3 ControlAccess
  • 26. Control Attribute Permissions Choose which user attributes each app can read and write Read Write name phone custom:paid
  • 27. Creating Users as an Administrator  Developers or administrators can create users in a user pool and send them an optional, customizable invitation email or SMS message  New users sign in with a temporary password and create a new password  User pools can be configured to only allow users created by an administrator
  • 28. Importing Existing Users Batch Imports  Import users by uploading .csv files  Users will create a new password when they first sign-in  Each imported user must have an email address or a phone number One-at-a-Time Migration  Migrate users individually as they sign in  App first tries to sign in via Cognito, if user does not exist, app signs in via prior identity system, captures username and password, and silently creates user in Cognito  Retains passwords, but requires app coding and maintenance of prior system for some period Prior IdP
  • 29. Understanding User Status  New users start with “Registered” status  Users must be confirmed before they can sign-in  Users must be disabled before they can be deleted Registered (cannot sign in) Sign-up Confirmed Disabled Admin Confirm Confirm via email/phone or Disable Delete (deleted) Lambda Trigger: Pre Sign-up Reset Required User import Force Change Password Admin Create User Reset password Enable
  • 30. Verifying Email and Phone  Your User Pools provide built-in verification of email addresses and phone numbers  A six digit code is sent as an email message or SMS text and is submitted via the VerifyUserAttribute API  If both a phone number and email address are provided at sign-up, a verification code will only be sent to the phone  Your app can call GetUser to see if an email address or phone number is awaiting verification, and then call GetUserAttributeVerificationCode to initiate the verification Your verification code is 938764