How to Setup Single Sign-On (SSO) with Azure AD & AWS Cognito

If you want to use…
- AWS Cognito to handle identity in your application
- Azure AD as your Identity Provider (IdP)
- SSO to save your users some hassle
… you’ll need a custom integration. This is a tutorial, so we’re not explaining the ins and outs of federation, SAML, Active Directory or Cognito, just showing how to do it.
In my next post we’ll integrate the SSO setup to a React frontend with a bonus: using your own one-click login page, bypassing Cognito’s unfriendly hosted UI.
Pre-requisites
- Existing Cognito User Pool (see how to create a User Pool here)
- Access & relevant permissions to AWS Cognito and Azure Portal
The first step of the SSO setup is to generate a SAML metadata file in Azure AD. You can only do that once the Azure AD enterprise application knows two values from the Cognito side: the Identifier (the SAML Entity ID Cognito uses as audience) and the Reply URL (the endpoint Azure AD will POST SAML responses to). Both have to match the user pool exactly, or Azure AD will refuse the login before Cognito ever sees a response. Let’s see how to get them.
1. Cognito identifier
It’s a string in the format urn:amazon:cognito:sp:<UserPoolID>, where <UserPoolID> is the ID of your user pool, region prefix included.
To find your UserPoolID in the (new) console, navigate to Cognito and click the User Pools option in the left side menu. Select the relevant user pool in the…
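As an added example (not part of the original post), the following Python script derives the two values Azure AD asks for from a user pool ID and the pool’s hosted domain prefix, and sanity-checks the federation metadata XML Azure AD hands back before you upload it to Cognito. The Reply URL format `https://<domain>.auth.<region>.amazoncognito.com/saml2/idpresponse` is the Cognito SAML endpoint documented by AWS and is assumed here (a custom domain uses `https://<custom-domain>/saml2/idpresponse` instead); the user pool ID, domain prefix, tenant ID and certificate in the sample are constructed placeholders.

```python
"""Added example: build the Cognito SP values for Azure AD and validate
Azure AD's federation metadata before uploading it to Cognito."""
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Cognito user pool IDs look like "<region>_<alphanumeric suffix>",
# e.g. eu-west-1_AbCdEfGhI (assumed shape; the region prefix is what we need).
POOL_ID_RE = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d)_[A-Za-z0-9]+$")


def cognito_sp_values(user_pool_id: str, domain_prefix: str) -> dict:
    """Return the Identifier (Entity ID) and Reply URL (ACS URL) to enter in
    the Azure AD enterprise application. Azure AD only POSTs SAML responses
    to the Reply URLs registered on the app, so a typo here fails the login
    on the Azure side, not in Cognito."""
    m = POOL_ID_RE.match(user_pool_id)
    if not m:
        raise ValueError(f"not a Cognito user pool ID: {user_pool_id!r}")
    region = m.group(1)
    return {
        "identifier": f"urn:amazon:cognito:sp:{user_pool_id}",
        "reply_url": f"https://{domain_prefix}.auth.{region}.amazoncognito.com/saml2/idpresponse",
    }


def check_idp_metadata(xml_text: str) -> dict:
    """Extract what Cognito needs from IdP metadata and fail loudly on
    anything missing: entityID, a signing certificate, and an HTTPS
    SingleSignOnService endpoint. ElementTree does not fetch external
    entities or DTDs, so untrusted metadata cannot trigger XXE here."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("entityID missing")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata or not SAML 2.0")
    certs = [
        c.text.strip()
        for c in idp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if c.text
    ]
    if not certs:
        raise ValueError("no signing certificate: Cognito could not verify assertions")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if POST_BINDING not in sso and REDIRECT_BINDING not in sso:
        raise ValueError("no HTTP-POST or HTTP-Redirect SingleSignOnService")
    for url in sso.values():
        if not url or not url.startswith("https://"):
            raise ValueError(f"SSO endpoint is not https: {url!r}")
    return {"entity_id": entity_id, "sso": sso, "signing_certs": certs}


# Constructed sample in the shape of Azure AD federation metadata (tenant ID
# and certificate are placeholders, not real values).
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC0000CONSTRUCTEDPLACEHOLDER0000</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

if __name__ == "__main__":
    print(cognito_sp_values("eu-west-1_AbCdEfGhI", "myapp"))
    print(check_idp_metadata(SAMPLE_METADATA))
```

Run it with the real pool ID and domain prefix, copy the printed identifier and reply URL into the Azure AD app’s Basic SAML Configuration, then point `check_idp_metadata` at the downloaded federation metadata file before uploading it in the Cognito identity provider settings.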