How to set up SAML federation in Amazon Cognito using IdP-initiated single sign-on, request signing, and encrypted assertions
Security Blog
This blog post provides a detailed guide to setting up SAML federation in Amazon Cognito using IdP-initiated single sign-on (SSO), request signing, and encrypted assertions. Specifically, the article covers:
- Benefits of using IdP-initiated SSO for centralized administration and reduced dependency on service providers
- Prerequisites and step-by-step instructions to integrate Microsoft Entra ID (SAML IdP) with an Amazon Cognito user pool
- Enabling encrypted SAML responses so that the user attributes carried in the assertion stay confidential as the response passes through the user's browser
- Setting up the RelayState parameter in Entra ID for the IdP-initiated authentication flow
- Enabling signed authentication requests when using the SP-initiated flow
- Testing and validating the IdP-initiated and SP-initiated authentication flows
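The settings listed above map onto a handful of concrete values on the Cognito side: the SAML provider's ProviderDetails (encrypted responses on, request signing with rsa-sha256, IdP-initiated sign-in allowed) and the RelayState string Entra ID must send for an unsolicited response. The following helper is an added example, not code from the original post or from AWS; it builds those values, emits the matching `aws cognito-idp create-identity-provider` command, and checks a RelayState the way a relying application should before trusting it. The provider name, app client ID, callback URL and metadata URL are placeholders, and the email claim name is the default Entra ID SAML claim.

```python
"""Build and check the Cognito-side configuration for an Entra ID SAML IdP
with IdP-initiated SSO, signed AuthnRequests and encrypted assertions.
Added example; all identifiers below are placeholders."""
import json
import shlex
from urllib.parse import urlencode, parse_qsl

# Default Entra ID SAML claim carrying the user's email address.
ENTRA_EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def saml_provider_details(metadata_url: str, idp_initiated: bool = True) -> dict:
    """ProviderDetails for a SAML IdP in Cognito's CreateIdentityProvider API."""
    return {
        "MetadataURL": metadata_url,
        # Cognito publishes an encryption certificate; Entra ID encrypts the
        # assertion with it, so attributes are not readable in the browser.
        "EncryptedResponses": "true",
        # Cognito signs the AuthnRequest it sends in SP-initiated flows.
        "RequestSigningAlgorithm": "rsa-sha256",
        # Accept unsolicited (IdP-initiated) SAML responses.
        "IDPInit": "true" if idp_initiated else "false",
    }


def create_provider_command(user_pool_id: str, provider_name: str, details: dict) -> str:
    """The AWS CLI invocation equivalent to the console steps."""
    mapping = json.dumps({"email": ENTRA_EMAIL_CLAIM})
    return " ".join([
        "aws cognito-idp create-identity-provider",
        f"--user-pool-id {shlex.quote(user_pool_id)}",
        f"--provider-name {shlex.quote(provider_name)}",
        "--provider-type SAML",
        f"--provider-details {shlex.quote(json.dumps(details))}",
        f"--attribute-mapping {shlex.quote(mapping)}",
    ])


def build_relay_state(provider_name: str, client_id: str, redirect_uri: str,
                      scopes=("openid",)) -> str:
    """RelayState Entra ID must send so Cognito knows which app client and
    callback the unsolicited response belongs to (documented Cognito format)."""
    return urlencode({
        "identity_provider": provider_name,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
    })


def validate_relay_state(relay_state: str, expected_provider: str,
                         expected_client_id: str, allowed_callback_urls) -> tuple:
    """Reject a RelayState that is malformed, names the wrong provider or app
    client, or points at a redirect_uri outside the app client's callback
    list. Cognito enforces the callback-list rule itself; checking it here
    catches a tampered or misconfigured Entra ID RelayState early."""
    try:
        pairs = parse_qsl(relay_state, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        return False, f"malformed RelayState: {exc}"
    params = {}
    for key, value in pairs:
        if key in params:  # duplicate keys are a classic parser-confusion trick
            return False, f"duplicate parameter {key}"
        params[key] = value
    missing = {"identity_provider", "client_id", "redirect_uri", "response_type"} - params.keys()
    if missing:
        return False, f"missing parameters: {sorted(missing)}"
    if params["identity_provider"] != expected_provider:
        return False, "unexpected identity_provider"
    if params["client_id"] != expected_client_id:
        return False, "unexpected client_id"
    if params["response_type"] != "code":
        return False, "only the authorization code flow is expected"
    if params["redirect_uri"] not in set(allowed_callback_urls):
        return False, "redirect_uri is not a registered app client callback URL"
    return True, "ok"


if __name__ == "__main__":
    details = saml_provider_details(
        "https://login.microsoftonline.com/TENANT_ID/federationmetadata/2007-06/federationmetadata.xml")
    print(create_provider_command("us-east-1_EXAMPLE", "MyEntraID", details))
    rs = build_relay_state("MyEntraID", "1example23456789",
                           "https://app.example.com/callback", ("openid", "email"))
    print("RelayState:", rs)
    print(validate_relay_state(rs, "MyEntraID", "1example23456789",
                               {"https://app.example.com/callback"}))
```

After the provider exists, Entra ID still needs Cognito's ACS URL (`https://<user pool domain>/saml2/idpresponse`) and the user pool's signing and encryption certificates; those come from the Cognito console or `describe-identity-provider`, not from this script.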
Related articles
Jul 24, 2024: Configure SAML federation with Amazon OpenSearch Serverless and Keycloak
Oct 15, 2025: Simplify external SAML identity provider integration with Amazon Cognito user pools using automated metadata extraction
Feb 6, 2024: Amazon WorkSpaces SAML 2.0 Federation with Keycloak
Aug 5, 2024: SaaS authentication: Identity management with Amazon Cognito user pools