Is it possible to use AWS Cognito as a SAML-based IdP to authenticate users to AWS WorkSpaces with MFA?
- Related: https://stackoverflow.com/questions/72517274/how-to-use-aws-cognito-as-identity-provider and https://stackoverflow.com/questions/44512540/saml-idp-aws-cognito-iam-as-an-identity-provider – jarmod Dec 02 '22 at 20:15
1 Answer
Amazon Cognito supports authentication with identity providers (IdPs) through Security Assertion Markup Language 2.0 (SAML 2.0). Users can access WorkSpaces with SAML 2.0 authentication with the latest version of WorkSpaces. Cognito user pools support MFA.

mzm
- Thanks mzm! Do you know whether Cognito can be used as an IdP itself instead of relying on 3rd party IdPs? – Daniel Gartmann Dec 02 '22 at 19:26
- Cognito user pools and identity pools are the equivalent of an IdP, e.g. where registered users and identities are managed. See the doc for identity pools & similar docs for user pools, https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html – mzm Dec 02 '22 at 19:29
- Thanks for the link mzm! I think that Cognito would only be able to issue OIDC tokens and hence wouldn't work with AWS WorkSpaces as it only supports SAML based IdPs. – Daniel Gartmann Dec 02 '22 at 19:42
- Did some digging and came up with the following (maybe I'm misunderstanding something; my apologies if this is the case): "WorkSpaces Integration with SAML 2.0: Integrating SAML 2.0 with your WorkSpaces for desktop session authentication allows your users to use their existing SAML 2.0 identity provider (IdP) credentials and authentication methods through their default web browser. By using your IdP to authenticate users for WorkSpaces, you can protect WorkSpaces by employing IdP features like multi-factor authentication and contextual access policies." – mzm Dec 02 '22 at 19:51
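As an added example, not part of the question or of the answer and comments above: the answer relies on two user-pool settings, enforced MFA and a federated SAML 2.0 IdP, so the script below audits a Cognito user pool for exactly those two things and reports the weak configuration beside the expected one. The boto3 operations `get_user_pool_mfa_config` and `list_identity_providers` are real Cognito API calls; the pool id, the provider name `ExampleSamlIdP`, the `FakeCognitoClient` and the sample responses are constructed placeholders so the audit logic can run offline.

```python
"""Audit a Cognito user pool's MFA enforcement and SAML 2.0 federation.

Added example, not code from the question or answer. Assumes boto3 is
installed and the caller may call cognito-idp:GetUserPoolMfaConfig and
cognito-idp:ListIdentityProviders; the pool id is a placeholder.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # HIGH, MEDIUM, LOW or INFO
    message: str


def audit_mfa(mfa_config: dict) -> list:
    """Inspect a GetUserPoolMfaConfig response.

    Anything weaker than MfaConfiguration == "ON" with at least one
    second factor enabled is reported, because the protection the answer
    describes depends on the pool actually enforcing MFA.
    """
    findings = []
    mode = mfa_config.get("MfaConfiguration", "OFF")
    sms_on = mfa_config.get("SmsMfaConfiguration") is not None
    totp_on = mfa_config.get("SoftwareTokenMfaConfiguration", {}).get("Enabled", False)
    if mode == "OFF":
        findings.append(Finding("HIGH", "MFA is disabled for the user pool"))
    elif mode == "OPTIONAL":
        findings.append(Finding("MEDIUM", "MFA is optional; users can sign in without a second factor"))
    if mode != "OFF" and not (sms_on or totp_on):
        findings.append(Finding("HIGH", f"MFA is {mode} but no second factor (SMS or TOTP) is enabled"))
    if mode == "ON" and sms_on and not totp_on:
        findings.append(Finding("LOW", "Only SMS MFA is enabled; consider enabling TOTP"))
    return findings


def audit_identity_providers(providers: list) -> list:
    """Inspect the Providers list of a ListIdentityProviders response."""
    saml = [p for p in providers if p.get("ProviderType") == "SAML"]
    if not saml:
        return [Finding("INFO", "No SAML 2.0 identity provider is federated with the pool")]
    return [Finding("INFO", f"SAML 2.0 provider configured: {p['ProviderName']}") for p in saml]


def audit_user_pool(client, user_pool_id: str) -> list:
    """Fetch the live settings through a cognito-idp client and run both audits."""
    mfa = client.get_user_pool_mfa_config(UserPoolId=user_pool_id)
    providers = client.list_identity_providers(UserPoolId=user_pool_id, MaxResults=60)["Providers"]
    return audit_mfa(mfa) + audit_identity_providers(providers)


# Constructed sample responses (placeholders, not captured from a real account).
WEAK_MFA = {
    "MfaConfiguration": "OPTIONAL",
    "SoftwareTokenMfaConfiguration": {"Enabled": False},
}
HARDENED_MFA = {
    "MfaConfiguration": "ON",
    "SmsMfaConfiguration": {"SmsAuthenticationMessage": "Your code is {####}"},
    "SoftwareTokenMfaConfiguration": {"Enabled": True},
}
HARDENED_PROVIDERS = [{"ProviderName": "ExampleSamlIdP", "ProviderType": "SAML"}]


class FakeCognitoClient:
    """Stand-in for boto3.client("cognito-idp") returning the hardened sample."""

    def get_user_pool_mfa_config(self, UserPoolId):
        return HARDENED_MFA

    def list_identity_providers(self, UserPoolId, MaxResults):
        return {"Providers": HARDENED_PROVIDERS}


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        import boto3  # only needed for a live pool

        results = audit_user_pool(boto3.client("cognito-idp"), sys.argv[1])
    else:
        results = audit_user_pool(FakeCognitoClient(), "us-east-1_PLACEHOLDER")
    for f in results:
        print(f"[{f.severity}] {f.message}")
```

Run it with a real user pool id as the first argument to audit a live pool, or with no arguments to see the output for the constructed hardened sample. The audit functions take already-fetched responses rather than calling AWS themselves, which keeps them testable and lets the same checks run over exported configuration.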