Use SAML with Amazon Cognito to support a multi-tenant application with a single user pool

Blog

This article discusses how to use a single Amazon Cognito user pool to support a multi-tenant application while integrating with multiple SAML identity providers (IdPs) like Google Workspace, Okta, or Active Directory Federation Services (AD FS).

Specifically, the article covers:

  • Using a single Cognito user pool for multiple customers
  • Configuring SAML integration with each customer's IdP in Cognito
  • Mapping IdP attributes like email and groups to Cognito user attributes
  • Using a Lambda function to retrieve tenant details from a DynamoDB table based on the user's email domain
  • Adding custom attributes like tenantName to the Cognito JWT token for multi-tenancy
  • Implementing a demo application architecture with AWS services like API Gateway, Lambda, DynamoDB, and Amplify
  • Conclusion on using Cognito for multi-tenant applications with external IdPs

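The tenant lookup and claim injection described in the last few points can be implemented as a Cognito Pre Token Generation trigger. The following is an added example, not code from the article: it resolves the tenant from the federated user's email domain and adds a tenantName claim, with an in-memory dict (SAMPLE_TENANTS) standing in for the DynamoDB table; the attribute names tenantName and tenantId are assumptions.

```python
"""Cognito Pre Token Generation trigger for a single-user-pool, multi-tenant app.

Added example (not the article's code). SAMPLE_TENANTS is a constructed
stand-in for the DynamoDB tenant table, keyed by email domain.
"""

SAMPLE_TENANTS = {
    "example-corp.com": {"tenantId": "t-001", "tenantName": "Example Corp"},
    "acme.test": {"tenantId": "t-002", "tenantName": "Acme"},
}


def email_domain(email):
    """Return the normalized domain of an email address, or None if malformed."""
    if not email or email.count("@") != 1:
        return None
    local, domain = email.split("@")
    domain = domain.strip().lower()
    if not local or not domain:
        return None
    return domain


def resolve_tenant(email, tenants=SAMPLE_TENANTS):
    """Map an email to its tenant record; None means no tenant is mapped."""
    domain = email_domain(email)
    if domain is None:
        return None
    return tenants.get(domain)


def lambda_handler(event, context=None, tenants=SAMPLE_TENANTS):
    """Pre Token Generation handler (V1 event shape)."""
    attrs = event.get("request", {}).get("userAttributes", {})
    # Use only the email Cognito mapped from the IdP assertion. A user whose
    # domain has no tenant record must not get a token with tenant claims, so
    # failing the trigger (which fails the authentication) is the safe default.
    tenant = resolve_tenant(attrs.get("email"), tenants)
    if tenant is None:
        raise ValueError("no tenant mapped for this user's email domain")
    event["response"] = {
        "claimsOverrideDetails": {
            "claimsToAddOrOverride": {
                "tenantName": tenant["tenantName"],
                "tenantId": tenant["tenantId"],
            }
        }
    }
    return event
```

In a deployed trigger, `resolve_tenant` would call DynamoDB (for example via boto3 `get_item`) instead of reading the dict; the domain normalization and the deny-by-default behaviour stay the same.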
