Amazon Cognito

The Amazon Cognito connection is a user provider that automatically imports your users and keeps them up to date in UserHub.

To enable the Amazon Cognito connection, you'll need access to an Amazon Cognito user pool and the ability to create an access key with the appropriate permissions.

Get Amazon Cognito user pool ID

  1. Go to the Cognito dashboard
  2. Switch to the region with the user pool you want to connect to UserHub
  3. Note the User pool ID; you'll need it for the Setup connection step

Create AWS access key

  1. Go to the IAM users dashboard
  2. Click Create user to add a new access key
  3. Enter userhub for the User name and click Next
  4. Select Attach policies directly
  5. Search for the AmazonCognitoPowerUser policy name (you can also create a more restrictive custom policy; see the example below)
  6. Check the checkbox to the left of the policy name and click Next
  7. Click Create user
  8. Search for userhub and click on it
  9. Click the Security credentials tab
  10. Scroll down to the Access key section and click Create access key
  11. Select Third-party service, check the Confirmation checkbox, and click Next
  12. Click Create access key
  13. Note the Access key and Secret access key; you'll need them in the next step

Setup connection

Next, you will need to set up the connection in the UserHub Admin console.

  1. Go to Connections from the Developers dropdown
  2. Click the Setup button for Amazon Cognito
  3. Enter your Amazon Cognito User pool ID
  4. Enter the Region for your user pool
  5. Enter the Access key ID and Access key secret you created above
  6. Click Save
  7. Make sure the status switches to Active

Optional: setup Portal callback

Next, you have the option of using Amazon Cognito's sign-in interface instead of implementing the Portal callback handler.

Create app for callback

  1. Go to the Cognito dashboard
  2. Click on your User pool name
  3. Click App clients in the navigation menu
  4. Click the Create app client button
  5. Select Traditional web application for Application type
  6. Enter Billing (or whatever you prefer) for Name your application
  7. Enter https://<portal-domain>/signin for the Return URL (you can find this URL in the Admin console Portal settings)
  8. Click Create app client
  9. Click the Login pages tab
  10. Click Edit in the Managed login pages configuration section
  11. Click Add sign-out URL and enter https://<portal-domain>/signout
  12. Scroll to the bottom of the page and click Save changes
  13. Note the Client ID and Client secret; you'll need them in the next step

Add app settings to connection

  1. Go to Connections from the UserHub Admin console Developers dropdown
  2. Click Amazon Cognito
  3. Click the Edit connection button
  4. Click Enable Portal sign-in
  5. Enter the Client ID and Client secret you noted above and click Save

You should now be able to open https://<portal-domain>/ in your browser and sign in.

Custom policy

If you'd like to restrict the permissions available to the access key to the absolute minimum, you can create a custom policy based on the following example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UserHubConnection",
      "Effect": "Allow",
      "Action": [
        "cognito-idp:AdminCreateUser",
        "cognito-idp:AdminDeleteUser",
        "cognito-idp:AdminDeleteUserAttributes",
        "cognito-idp:AdminDisableUser",
        "cognito-idp:AdminEnableUser",
        "cognito-idp:AdminGetUser",
        "cognito-idp:AdminUpdateUserAttributes",
        "cognito-idp:DeleteUser",
        "cognito-idp:DeleteUserAttributes",
        "cognito-idp:DescribeUserPool",
        "cognito-idp:GetUser",
        "cognito-idp:ListUsers",
        "cognito-idp:SignUp",
        "cognito-idp:UpdateUserAttributes"
      ],
      "Resource": "<amazon-cognito-user-pool-arn>"
    }
  ]
}
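
As an added example (not UserHub's or AWS's own code), this Python check audits a policy document before you attach it to the userhub IAM user: it flags wildcards, actions beyond the example list above, and a Resource that is not a single user pool ARN. The ARN pattern, the function names and the sample policies are assumptions constructed for illustration.

```python
import json
import re

# Actions copied from the custom policy example on this page (IAM matches them case-insensitively).
ALLOWED = {a.lower() for a in (
    "AdminCreateUser AdminDeleteUser AdminDeleteUserAttributes AdminDisableUser "
    "AdminEnableUser AdminGetUser AdminUpdateUserAttributes DeleteUser "
    "DeleteUserAttributes DescribeUserPool GetUser ListUsers SignUp UpdateUserAttributes"
).split()}
# Assumed ARN shape: arn:<partition>:cognito-idp:<region>:<account-id>:userpool/<pool-id>
POOL_ARN = re.compile(r"arn:aws(-[a-z]+)*:cognito-idp:[a-z0-9-]+:\d{12}:userpool/[a-z0-9-]+_[0-9A-Za-z]+")

def _as_list(value):
    # IAM accepts either a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_policy(document):
    """Return findings for an IAM policy JSON string; an empty list means it stays within the page's example."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(document).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource allows everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.lower().partition(":")
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif service != "cognito-idp" or name not in ALLOWED:
                findings.append(f"statement {i}: action outside the example list: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not POOL_ARN.fullmatch(resource):  # catches "*" and an unreplaced placeholder
                findings.append(f"statement {i}: resource is not a single user pool ARN: {resource}")
    return findings

# Constructed sample policies (the account ID and pool ID are made up).
POOL = "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE01"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cognito-idp:ListUsers", "cognito-idp:admingetuser"], "Resource": POOL}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cognito-idp:*", "cognito-idp:AdminSetUserPassword", "iam:PassRole"],
     "Resource": ["*", "<amazon-cognito-user-pool-arn>"]}]})

if __name__ == "__main__":
    for label, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(label, audit_policy(doc) or "ok")
```
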

© 2024 UserHub
