Configuring Cognito User pool + Federated Identity (Okta)

In the previous article, we set up an Angular Front end using Amplify. Now we will configure Cognito.


  • Enable Login with Hosted UI
  • Enable Login with Federated Identity

Enable Login with Hosted UI

1. Cognito Attributes

2. App Client (create it without a client secret)

3. App Client for User Pool

4. Domain Name (you can select your own domain name)

These details will be enough for your User Pool login in Amazon Cognito.

Okta is an IdP similar to Cognito. We are going to integrate Okta into Cognito, and for this we are going to use User Pool Federated Identity.

Okta Setup

1. Create an App for Cognito

2. Configure the following details in General Settings

3. Under the Sign-On tab, note down the issuer URL

4. Assign a user to the application

Note: Cognito to Okta is a service-to-service authentication, so we don’t enable the PKCE flow in Okta.

You have completed the Okta Setup.

AWS Cognito Federation for Okta

1. Under Identity Providers, configure Okta as an OpenID Connect provider

2. Add the identity provider in App Client Settings

3. We can test that everything is working using Postman

Postman — Generate OAuth2 Token

When you click “Request Access Token”, you will be redirected to the login page. After signing in, you will receive the access token and the ID token.

We have now completed configuring Cognito for User Pool & Federated Identity.

1. In Angular, you can redirect directly to the Okta UI by providing the custom IdP name.

2. When we select User Pool Federated Identity, a user is created inside the Cognito User Pool after the user logs in through the federated identity provider.

3. Similarly, a Group will be associated with that User.

In the next tutorial, we will integrate this IDP with a spring boot resource server.


Writes on Big Data, AWS & Backend technologies.