SaaS authentication: Identity management with Amazon Cognito user pools

Security Blog



This article discusses approaches to handling identity management and multi-tenancy in SaaS applications with Amazon Cognito user pools.

Specifically, the article covers:

  • An overview of Amazon Cognito and the types of tokens it issues (ID, access, and refresh tokens)
  • Five patterns for representing SaaS identity with Cognito:
    1. Using custom attributes to represent tenant context
    2. Shared user pool (pool model)
    3. Group-based multi-tenancy (pool model)
    4. Dedicated user pool per tenant (silo model)
    5. Application client per tenant (bridge model)
  • Advantages and disadvantages of each pattern
  • Conclusion highlighting the need to evaluate requirements and adopt a hybrid model if needed

