How To Integrate Okta Saml With AWS Cognito

Captions
Hey ladies and gentlemen, welcome to Undiluted Tech, and today we're gonna be looking into integrating Okta and AWS. So let's get started. First you need an AWS account and the Okta account; I'm using the developer account because right now it's just for testing purposes and tutorials. So let's get started. I'm gonna start by going to my AWS account right here, and then enter your account ID or log in as your IAM user. This step, you know, you can fast forward. Now enter your account ID, click next to your IAM user. Remember to always use MFA.

Once you're logged in, you're first going to create a Cognito user pool. To do that, just search Cognito and click on Cognito, Manage User Pools. Right now I don't have any user pools, so I'll go ahead and create a user pool. Obviously you need a name for it, so I'm gonna call this Shared Dash, and then click Review to skip all the steps. By default, email is the attribute that is matched to it, so you can scroll down here and click Create Pool, but instead of doing that, first of all let's go create an app client. So I want to name this, disable the Generate client secret because of something to do with TLS, I forgot what it is, but just disable that for now, and then go ahead and create app. All right, once that's done, come to Attributes, I'll make sure everything there is good. All right, now go to Review again, scroll down, create your pool. Now if you mess up creating your user pool, especially when it comes to attributes, as you can see there's no way of editing this, so what you have to do is create a new user pool and do a user migration using, like, a user migration Lambda or something, but that's a story for a different day.

Anyway, let's go to App client settings. As you can see, there's Cognito. We're gonna add our URL here, which I like to do as my website because I don't have an app, so there, if you have a standard URL that you want your users to be directed to, you can send them there. For now I'll select both Authorization code grant and Implicit grant. For allowed OAuth scopes I'll take email, I'll do openid, profile and aws.cognito.signin.user.admin in case I need to do something in the command line. So once you get those done, go ahead and click Save changes. Go to Domain name, use your domain; in our case I'm going to go with shared-dash-cw. Make sure that your domain is available, so you can click Check availability, and it is. Go ahead and click Save changes. Right, I think that's it, so there's nothing else to do over here. You're gonna need this app client ID, so make sure you know what this is, and also you're gonna need your pool ID for later.

So since that's done, let's jump over to Okta. We are at Okta, and let's sign in. This is my dashboard, I have about nothing really. So what you need to do here is come over to Applications, click on Applications, and then Create App Integration. So go ahead and click Create App Integration, and we're doing SAML, so I'm going to select SAML 2.0, Next, and then a name for the application; I will call this Shared Dash. Okay, so if you have a logo you can add it; since I don't have one I won't. Click on Next. For the sign-in URL, or the Single sign on URL, here you need the URL which is your Cognito domain URL, only that at the end you have /saml2/idp/response. And then for your audience it's a Cognito ARN, not the ARN but the Cognito URN. So how you get the URN is you put in urn:amazon, then the service name (cognito), and then sp, since it's a service provider, and then you need to go back over here and get your pool ID. We're doing this in us-east-2, so I'll copy that, go back to my Okta and paste that over there. So that is looking good. I'm not going to add any default RelayState; however, I will change the Name ID format, because if I don't do this right here it's going to have an issue with Cognito later on, and we don't want that. So instead of Unspecified I'll put EmailAddress. For Application username you can just stick with Email, so email, email, that's good.

Then you scroll down for the attribute statements, which this is optional. You want to paste this SAML 2 email claim, and I'll put all these links in the description, or these commands, or you can go to the website and take a look at the tutorial. For the name format you just leave that as Unspecified, but we need to go with user.name for the value. You can add group attributes if you want. You can preview the SAML assertion that we just created, but let's go ahead and click Next. And here you can select whether you want Okta to do whatever, contact you or give you advice; I'm gonna go ahead and just click Finish for now. All right, now I just select this one and then just click Finish. So now the configuration is done. This is our metadata right here; we're gonna need this for later. If you want to view instructions you can, but we need to assign users to this application, so let's head over to Assignments, click on Assign. Now I do have a group already here and that group has users in it; I have a group called Cognito and one Everyone for every user in my app, but we gotta go with the group that I assigned the name Cognito. So click over there, Assign, and then click Done, and my users in that group are gonna be populated.

Okay, so let's go back to Sign On and right-click on this one and copy the link address. Once you copy the link, and/or download the metadata, we're going to use that to create an IdP in Cognito, so keep in mind that's what we're going to use, however you want to download it. Now you can actually right-click this and open in a new tab, and in this tab you can come over here. If you're using Chrome this is the best option to use; I've tried Firefox, it doesn't work that well, but with Chrome just come over here, go to More tools and Save page as, and we're going to save as metadata, and this will go to our downloads, so I'll click on Save. So that's how you save your metadata if you want to go that way; otherwise just right-clicking and copying the link address works just fine.

So now let's move to Cognito, scroll down to Federation and Identity providers, click on Identity providers. So you can create an IdP using one of these that are pre-configured for you if you're using Google, Facebook, Apple or OpenID, but we're using SAML, so we're gonna go ahead and click on SAML and provide our link here; you can paste it, or if you downloaded the metadata you can just upload it here and it will populate it for you. And for the name you need one, so we're gonna call this Okta, and then if you want to enable IdP sign-out flow you can. Now, click Create provider. Now you have your IdP set; now it's time to test if our application works. So scroll up. The easiest way is to use the hosted UI, or you can construct your own login; I'll leave the documentation on how you can construct yours from the Cognito documentation, but for the sake of time let's just use the hosted UI. So you want to select all, Cognito User Pool and Okta, scroll down, first of all save the changes, and let's click on Launch Hosted UI. And now as you can see, if you have native Cognito users they can log in through here, or you can just use your Okta. And it seems to have an issue, and let's see what the issue is. So looking at this URL we can spot our mistake: we've added our domain but the region part says "region", so Cognito doesn't understand what this is. So what we need to do is go back to Okta, and actually let's come over here and just make sure we copy that, go back to Okta and edit. Actually I think we have to redo this. Oh no, we can edit our SAML here, click on Next. Now "region", let's replace that with us-east-2. Name ID format: EmailAddress. Everything looks good, so let's click Next. There is a space here, so back that down. Let's try this time. It goes through, click on Finish. We have to redo our IdP again: Sign On, right-click, copy link address, go back to Cognito, Identity providers, SAML, delete this one, name it Okta again, Create.

Right, since that's created, there's one thing we missed from last time, and that's attribute mapping. So let's go to Attribute mapping and add an attribute. Remember this claim for email address, so let's select email, click on Save changes, go back to Users and groups, actually App client settings, select all, everything else stays, Save changes. Let's give it a shot this time. Okay, so let's see if this works. Click on Okta. Oh, you see the Okta dash, and there you go. Now one thing it didn't do was ask me for my password and stuff, so let's see if we can log in as a different user. Let's go to... I don't have a user created yet, so since we logged into Okta over here it's going ahead and logging us in, but if I logged out of Okta, okay, and log out of that too, so we only have that. Actually let's even remove that and let's just use incognito. So let's try it again, click on Okta. There you go, you have to enter your username and password. So I forgot my username and password, but you get the point. Once you log in, then you'll be able to go ahead and access your application.

So that's it. I want to follow up this tutorial with another one called Sharing Dashboards with CloudWatch, so if you're interested in that one make sure you subscribe and head over to our Patreon page and see the rest of the video. Yep, I will continue the rest of this and share it on our Patreon page, just to support the channel. I don't have a lot of users so I don't get paid; I'm not looking to get paid, but you know, it's good to see some kickback. So if you want to see the rest of these, head on over to our Patreon page and watch the rest of it. Thank you, and peace out. May Yeshua bless you.
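Every value the video pastes into Okta's SAML app is derived from the Cognito side (domain prefix, region, user pool ID), and both failures in the video came from hand-typing them: a literal "region" left in the URL and a stray space. The Python below is an added example, not code from the video; it derives those values and checks hand-entered settings for exactly those mistakes. The domain prefix and pool ID used in the comments are constructed sample values, and the email claim is mapped to `user.email`, Okta's expression for the user's primary email.

```python
import re
from urllib.parse import urlparse

# Claim URI pasted into Okta's attribute statement, and the Name ID format
# chosen instead of "Unspecified" so Cognito can match on email.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Cognito hosted-UI host: <domain-prefix>.auth.<region>.amazoncognito.com
SSO_HOST_RE = re.compile(r"([a-z0-9-]+)\.auth\.([a-z0-9-]+)\.amazoncognito\.com")


def okta_saml_settings(domain_prefix, region, user_pool_id):
    """Values to paste into the Okta SAML app, e.g. ("shared-dash-cw",
    "us-east-2", "us-east-2_EXAMPLE01") (constructed sample values)."""
    return {
        "single_sign_on_url": f"https://{domain_prefix}.auth.{region}"
                              f".amazoncognito.com/saml2/idp/response",
        "audience_uri": f"urn:amazon:cognito:sp:{user_pool_id}",
        "name_id_format": NAMEID_EMAIL,
        "attribute_statements": {EMAIL_CLAIM: "user.email"},
    }


def check_okta_settings(settings, user_pool_id):
    """Return a list of problems in hand-entered Okta settings (empty = OK)."""
    problems = []
    # Cognito user pool IDs are "<region>_<suffix>", so the region is known.
    pool_region = user_pool_id.split("_", 1)[0]
    sso = settings.get("single_sign_on_url", "")
    if sso != sso.strip():
        problems.append("SSO URL has leading/trailing whitespace")
    url = urlparse(sso.strip())
    host = SSO_HOST_RE.fullmatch(url.hostname or "")
    if url.scheme != "https" or not host:
        problems.append("SSO URL is not a Cognito hosted-UI domain")
    elif host.group(2) != pool_region:
        problems.append(f"SSO URL region '{host.group(2)}' != pool region '{pool_region}'")
    if url.path != "/saml2/idp/response":
        problems.append("SSO URL path must be /saml2/idp/response")
    if settings.get("audience_uri") != f"urn:amazon:cognito:sp:{user_pool_id}":
        problems.append("audience URI must be urn:amazon:cognito:sp:<user pool id>")
    if settings.get("name_id_format") != NAMEID_EMAIL:
        problems.append("Name ID format must be EmailAddress")
    if settings.get("attribute_statements", {}).get(EMAIL_CLAIM) != "user.email":
        problems.append("email claim must map to user.email")
    return problems
```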
Info
Channel: Undiluted Tech
Views: 209
Keywords: amazon cognito, cognito, aws cognito, amazon cognito tutorial, aws cognito tutorial, aws cognito google sign in, cognito authentication, aws cognito authentication example, amazon cognito identity pool, aws cognito identity pool, cognito hosted ui, how to authenticate users with tokens using cognito, aws cognito example, amazon cognito demo, amazon cognito react, amazon cognito google, cognito google, aws cognito sso, amazon cognito user pools, cognito node.js
Id: D7K2rplLHvk
Length: 16min 42sec (1002 seconds)
Published: Thu Sep 23 2021