When you build enterprise software, you will often be asked to integrate your system with the enterprise's identity management system. This article assumes your software uses AWS Cognito as its identity provider and shows how to federate it with Okta as an external identity provider. An Amazon Cognito user pool lets users sign in through an external identity provider (federation) such as Okta: a user pool integrated with Okta lets users of your Okta app obtain user pool tokens from Amazon Cognito and authenticate to the apps that rely on Cognito.
Prerequisites
- A Cognito user pool created in your AWS account
- An Okta developer account
Create an app client in your user pool
- When adding the app client, clear the “Generate client secret” check box.
- Select the required auth flows: enable at least ALLOW_USER_SRP_AUTH and ALLOW_REFRESH_TOKEN_AUTH.
Note: we are using the “Authorization code grant” flow, which does not require a client secret.
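As an added example (not code from the original article), the following Python script checks whether an existing app client matches the settings described in the steps above: no client secret, the SRP and refresh-token auth flows enabled, and the authorization code grant allowed. The dictionaries are constructed to mirror the UserPoolClient object returned by `aws cognito-idp describe-user-pool-client`; the pool id, client id, URLs and secret value are placeholders.

```python
# Added example (not from the original article): verify that a Cognito app
# client is configured the way the steps above describe. The dicts below are
# constructed to mirror the "UserPoolClient" object returned by
# `aws cognito-idp describe-user-pool-client`; ids, URLs and the secret value
# are placeholders.
from typing import Dict, List

# The two auth flows the article says to enable at minimum.
REQUIRED_AUTH_FLOWS = {"ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"}


def check_app_client(client: Dict) -> List[str]:
    """Return a list of findings; an empty list means the client matches the article's settings."""
    findings: List[str] = []

    # A public client (browser/mobile app using the authorization code grant)
    # must not carry a client secret, so "Generate client secret" should be cleared.
    if client.get("ClientSecret"):
        findings.append("client secret is generated; clear 'Generate client secret'")

    explicit = set(client.get("ExplicitAuthFlows", []))
    missing = REQUIRED_AUTH_FLOWS - explicit
    if missing:
        findings.append("missing explicit auth flows: " + ", ".join(sorted(missing)))

    # OAuth settings must be enabled on the client for hosted-UI / federation flows.
    if not client.get("AllowedOAuthFlowsUserPoolClient", False):
        findings.append("OAuth flows are not enabled for this app client")

    oauth_flows = set(client.get("AllowedOAuthFlows", []))
    if "code" not in oauth_flows:
        findings.append("authorization code grant ('code') is not an allowed OAuth flow")
    # The implicit grant returns tokens in the redirect URL fragment; the
    # article's design uses the code grant instead, so flag it if enabled.
    if "implicit" in oauth_flows:
        findings.append("implicit grant is enabled; prefer the authorization code grant only")

    return findings


# Constructed sample: a client set up as the article describes.
GOOD_CLIENT = {
    "UserPoolId": "us-east-1_EXAMPLE",          # placeholder
    "ClientId": "1example23456789abcdef",        # placeholder
    "ClientName": "okta-federated-web",
    "ExplicitAuthFlows": ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"],
    "AllowedOAuthFlowsUserPoolClient": True,
    "AllowedOAuthFlows": ["code"],
    "AllowedOAuthScopes": ["openid", "email"],
    "CallbackURLs": ["https://app.example.com/callback"],  # placeholder
    "SupportedIdentityProviders": ["Okta"],
}

# Constructed sample: the same client, but with a secret generated, only
# plaintext password auth enabled, and the implicit grant selected.
BAD_CLIENT = {
    **GOOD_CLIENT,
    "ClientSecret": "REDACTED-placeholder-secret",
    "ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
    "AllowedOAuthFlows": ["implicit"],
}


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CLIENT), ("bad", BAD_CLIENT)):
        problems = check_app_client(cfg)
        print(f"{name}: {'OK' if not problems else ''}")
        for problem in problems:
            print("  -", problem)
    # To run against a real pool (not executed here):
    #   import boto3
    #   c = boto3.client("cognito-idp").describe_user_pool_client(
    #           UserPoolId=..., ClientId=...)["UserPoolClient"]
    #   print(check_app_client(c))
```

The check takes the inner `UserPoolClient` dictionary, so the same function works on the output of boto3's `describe_user_pool_client` or on the JSON printed by the AWS CLI. Running it on the good sample yields no findings; the bad sample produces four.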