- Understand user identity and federation principles and practices
- Learn how Amazon Cognito works with federated identity providers
- See how to use Amazon Cognito to add the forms for user Sign-up and Sign-in to an application
This document discusses how Amazon Cognito can be used to manage user identities, synchronize app data across devices, and securely access AWS cloud resources from a mobile app. It describes Amazon Cognito's key capabilities such as authenticating users, authorizing access, synchronizing app state, securely storing user data and media, and sending push notifications. It also provides examples of how to use Amazon Cognito for identity management, data synchronization, and secure AWS access in a mobile app.
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap... - Amazon Web Services
Ed Lima, a Solutions Architect at AWS, discusses adding user sign-in, user management, and security to mobile and web applications using Amazon Cognito. The presentation covers Amazon Cognito Identity for user authentication and authorization, Cognito User Pools for user management, and how applications can integrate with Cognito. It also demonstrates how Cognito can federate with identity providers and provides sample use cases for business to consumer, business to business, and IoT applications.
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs - Amazon Web Services
Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure, and monitor APIs at any scale. In this presentation, you’ll find out how to quickly declare an API interface and connect it with code running on AWS Lambda. Amazon API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. We will demonstrate how to build an API that uses AWS Identity and Access Management (IAM) for authorization and Amazon Cognito to retrieve temporary credentials for your API calls. We will write the AWS Lambda function code in Java and build an iOS sample application in Objective C.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management. Our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
The document outlines 10 best practices for managing identity and access management (IAM) on AWS:
1. Create individual users instead of sharing credentials.
2. Configure a strong password policy and regularly rotate credentials.
3. Enable multi-factor authentication for privileged users.
4. Manage permissions with groups and grant least privilege.
5. Use IAM roles to allow cross-account access and provide access to EC2 instances and federated users.
6. Enable AWS CloudTrail logging to monitor API activity.
7. Reduce use of root credentials where possible.
The document provides explanations and examples for each best practice.
Authentication & Authorization for Connected Mobile & Web Applications using ... - Amazon Web Services
Authentication and Authorization for Connected Mobile & Web Applications using Amazon Cognito and AWS AppSync
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
Level: Intermediate
Speaker: Brice Pelle - Enterprise Support Lead, AWS
Discusses the capabilities, advantages and disadvantages of Keycloak and gives a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
by Quint Van Deman, Sr. Business Development Manager, AWS
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in.
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv - Amazon Web Services
This document introduces AWS CloudFormation, which allows users to automate the deployment and configuration of AWS resources through templates. CloudFormation templates describe the configuration of AWS resources using JSON or YAML files. When deployed, the template creates a "stack" of linked resources. Common uses of CloudFormation include replicating environments, deploying across regions, and disaster recovery. The document also discusses best practices like reusing templates, using parameters and mappings, and versioning templates with AWS CodeCommit.
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/. These slides describe CloudTrail key concepts, workflow and event history.
___________________________________________________
zekeLabs is a Technology training platform. We provide instructor led corporate training and classroom training on Industry relevant Cutting Edge Technologies like Big Data, Machine Learning, Natural Language Processing, Artificial Intelligence, Data Science, Amazon Web Services, DevOps, Cloud Computing and Frameworks like Django, Spring, Ruby on Rails, Angular 2 and many more to Professionals.
Reach out to us at www.zekelabs.com or call us at +91 8095465880 or drop a mail at info@zekelabs.com
Training for AWS Solutions Architect at http://zekelabs.com/courses/amazon-web-services-training-bangalore/. These slides describe CloudWatch key concepts, workflow, dashboard, metrics, the CloudWatch agent, alarms, events and logs.
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.
Amazon CloudWatch Logs and AWS Lambda: A Match Made in Heaven - Amazon Web Services
In this session, we cover three common scenarios that include Amazon CloudWatch Logs and AWS Lambda. Learn how to build an Elasticsearch cluster from historical data using Amazon S3, Lambda, and CloudWatch Logs. Discover how to add details to CloudWatch alarm notifications using Amazon SNS and Lambda. Finally, understand how to bring Elastic Load Balancing logs to CloudWatch Logs using S3 bucket triggers from Lambda.
Speaker: Leo Zhadanovsky, Principal Solutions Architect, Amazon Web Services
Level: 300
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M... - Amazon Web Services
Secure user sign-up and sign-in is critical for many mobile and web applications. Amazon Cognito is the easiest way to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, integrations with existing corporate directories, and many other features. In addition, we will cover key use cases and discuss the associated benefits.
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It allows developers to manage multiple versions and stages of APIs, monitor access by third party developers, and handle traffic spikes without operational burden. API Gateway supports features like throttling, authorization, caching of responses, and SDK generation to make APIs easy to consume.
Amazon API Gateway and AWS Lambda: Better Together - Danilo Poccia
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. AWS Lambda is a compute service that runs your code in response to events and automatically manages the compute resources for you, making it easy to build applications that respond quickly to new information. Together they help you build a server-less event-driven backend that is easy to manage and scale.
by Apurv Awasthi, Sr. Technical Product Manager, AWS
This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain how you can securely manage your AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100
The document outlines 10 best practices for managing identity and access management (IAM) on AWS: 1) Create individual users, 2) Configure a strong password policy, 3) Rotate security credentials regularly, 4) Enable multi-factor authentication for privileged users, 5) Manage permissions with groups, 6) Grant least privilege, 7) Use IAM roles to share access, 8) Use IAM roles for Amazon EC2 instances, 9) Enable AWS CloudTrail for auditing API calls, and 10) Reduce or remove use of the root account. The document provides explanations and examples for implementing each best practice.
The document provides an overview of the history and development of OAuth standards for authorization. It describes some of the issues with early implementations that prompted the creation of OAuth 1.0, including services storing user passwords and lack of ability to revoke access. OAuth 1.0 introduced signatures to address these issues. OAuth 2.0 replaced signatures with HTTPS and defines common flows for different use cases, including authorization code, implicit, password, and client credentials grants.
(SOV209) Introducing AWS Directory Service | AWS re:Invent 2014 - Amazon Web Services
AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, standalone directory in the AWS cloud. Connecting to an on-premises directory is easy, and once this connection is established, all users can access AWS resources and applications with their existing corporate credentials. You can also launch managed, Samba-based directories in a matter of minutes, simplifying the deployment and management of Windows workloads in the AWS cloud. You can join Amazon EC2 Windows instances, get Kerberos-based SSO, and use your favorite Windows tools for administration. In this session, we demonstrate AWS Directory Service features and show you how to use this service to reduce workflow complexity for your users and IT staff.
This document discusses authentication and authorization frameworks like OAuth and OpenID Connect. It provides an overview of key concepts like authentication, authorization, roles in OAuth like resource owner, client, authorization server and resource server. It explains the authorization code grant flow in OAuth and how OpenID Connect builds upon OAuth to provide identity features. It also compares OpenID Connect to SAML and discusses Microsoft and TechCello implementations of these specifications.
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:... - Amazon Web Services
In this session, we introduce Boto 3, the next major version of the AWS SDK for Python. You will learn about the new features in the SDK, such as the high-level resource APIs that simplify working with AWS collections and objects, and the eventing model that enables customizing your calls to AWS services. We use a sample application to demonstrate these features, and show how to integrate them with your existing projects.
Getting Started with Cognito User Pools - September Webinar Series - Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
- Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
- Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
Azure Active Directory | Microsoft Azure Tutorial for Beginners | Azure 70-53... - Edureka!
** Microsoft Azure Certification Training: https://www.edureka.co/microsoft-azure-training**
This Edureka "Azure Active Directory" tutorial will give you a thorough and insightful overview of Microsoft Azure Active Directory and help you understand other related terms like Tenants, Domain services etc. Following are the offerings of this tutorial:
1. What is Azure Active Directory?
2. Azure AD vs Windows AD
3. Azure AD Audience
4. Azure AD Editions
5. Azure AD Tenants
6. Demo-Creating and using Active Directory
Check out our Playlists: https://goo.gl/A1CJjM
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa... - Amazon Web Services
Learning Objectives:
- Understand user identity and federation principles and practices
- Learn how Amazon Cognito supports SAML and 3rd party IdP integration
- Demonstrate how to use Amazon Cognito’s built-in UI for user identity management.
App developers need a system to manage the identities of their users for sign-up, sign-in, and access control. Amazon Cognito now provides a public beta of built-in UI for developers to add user sign-up and sign-in pages to their application and customize the look and feel of those pages simply through the Amazon Cognito console. Also in the public beta, Amazon Cognito now provides support for SAML-based federation of user identities for integration with enterprise-based directory systems and simplified support for 3rd party Identity Providers (IdP) such as Facebook and Google. This tech talk will provide a brief overview of Amazon Cognito and then discuss the details of the new features and capabilities of the public beta.
Amazon Cognito is a service that provides authentication, authorization, and user management for web and mobile applications. It allows for user sign-up, sign-in, access control, account recovery, and integration with social identity providers. Cognito User Pools provides built-in user directory and authentication services, while Cognito Identity Pools enables the generation of temporary AWS credentials for application access. Sample use cases include business to consumer apps, business to employee apps, and IoT applications.
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Amazon Web Services
This document provides an overview and summary of Amazon Cognito. It discusses how Cognito can be used to authenticate users, manage user identities, and synchronize user data across devices. It also describes Cognito's features for user sign-up, sign-in, verification, authentication, authorization and managing user profiles. Several sample use cases are presented, such as using Cognito for user management, social login, and employee single sign-on. The document concludes with information on getting started with Cognito.
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
1. Understand Cognito’s comprehensive feature set and benefits
2. Learn how to use Cognito to address different needs for user management and authorization
3. See how to get started and learn more
Add User Sign in and Management to your Apps with Amazon CognitoAmazon Web Services
Secure user sign up and sign in is an important starting point for many mobile and web applications. Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
• What is Cognito’s comprehensive feature set
• What are the benefits associated with using Cognito
• How to integrate Cognito into your applications
• Which use cases are best suited for Cognito
Who Should Attend?
• Developers
1) The document discusses user identity and authentication using Amazon Cognito. It describes how Cognito can provide user sign-up, sign-in, profile management, authorization, and federation with enterprise or social identities.
2) Amazon Cognito User Pools allow adding user sign-up and sign-in to mobile and web apps without server infrastructure, and provide enhanced security features and a managed user directory.
3) The document outlines Cognito's capabilities for comprehensive user flows, extensive admin controls, and integration with the AWS Mobile SDK for a seamless user experience across platforms.
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. Finding the right identity solution can often be challenging. In this session, we will look at how Cognito can support a wide range of authentication scenarios including customers, employees and systems to help you make the right choices.
Speaker: Stephen Liedig. Solutions Architect. Amazon Web Services
Level: 300
This document summarizes a workshop on architecting user authentication and authorization in apps using AWS services. The workshop covers Amazon Cognito for user management, authentication, and data synchronization across devices. It provides an overview of Cognito User Pools and Federated Identities, demonstrates an authentication workflow using the services, and discusses how to get started with a sample Angular app.
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
Learn how to set up an end-user directory, secure sign-up and sign-in, manage user profiles, authenticate and authorize your APIs, federate from enterprise and social identity providers, and use OAuth to integrate with your app—all without any server setup or code. With clear blueprints, we show you how to leverage Amazon Cognito to administer and secure your end users and enable identity for the applied patterns of mobile, web, and enterprise apps.
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
This document discusses authentication and authorization for mobile and web applications using Amazon Cognito and AWS AppSync. It provides an overview of Amazon Cognito for user identity management, including user pools for authentication, custom user flows using Lambda hooks, and integration with AWS AppSync. It then describes authorization methods when using AWS AppSync, including using JSON Web Tokens from Cognito user pools and Cognito identity pools. The document demonstrates how to implement authentication and authorization between a mobile app and AWS AppSync using Amazon Cognito for user management and authorization.
Amazon Cognito now makes it easy to sign up and sign in users to your mobile and web apps. Previously, with Amazon Cognito you can use social identity providers like Facebook, Google, Twitter, and Amazon for user sign-in and federate these identities to allow secure access to AWS resources. Now with User Identity Pools in Amazon Cognito, you get a secure, low-cost, and fully managed user directory that can scale to 100s of millions of users. Join us for an overview of Amazon Cognito and how to get started with User Identity Pools.
This document discusses user identity and authentication options for mobile apps using Amazon Web Services. It describes Amazon Cognito user pools, which allow developers to easily add user sign-up, sign-in, and account management to mobile or web apps without having to build their own user directories. Cognito user pools support features like multi-factor authentication, extensive user profile management and permissions. The document also discusses using Cognito user pools with AWS SDKs for user authentication and accessing backend AWS services through Cognito identity pools.
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Amazon Web Services
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk your through adding the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives: • Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily • Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
Amazon Cognito: A Primer on Authentication and AuthorizationKnoldus Inc.
Amazon Cognito is a service provided by Amazon Web Services (AWS) that facilitates user identity and access management in the cloud. It's commonly used for building secure and scalable authentication and authorization systems for web and mobile applications.
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese , Chief Architect - TCS
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
Amazon Cognito provides user authentication, authorization, and user management services for web and mobile applications. It allows adding user sign-up, sign-in and access management without having to build and maintain the backend infrastructure. Cognito supports user sign-in via social identity providers or corporate directories. It also provides multi-factor authentication and integrates with AWS services like API Gateway for authorization. Cognito can scale to support hundreds of millions of users.
SID201 Overview of AWS Identity, Directory, and Access ServicesAmazon Web Services
Every journey to the AWS Cloud is unique. Some customers are migrating existing applications, while others are building new applications using cloud-native services. Along each of these journeys, identity and access management helps customers protect their applications and resources. In this session, you learn how AWS identity services provide you a secure, flexible, and easy solution for managing identities and access on the AWS Cloud. With AWS identity services, you do not have to adapt to AWS. Instead, you have a choice of services designed to meet you anywhere along your journey to the AWS Cloud.
This document discusses building secure and scalable APIs using Amazon API Gateway and AWS Lambda. It introduces Amazon API Gateway for hosting APIs and routing API calls. AWS Lambda is introduced for executing application business logic. Amazon Cognito is discussed for user signup, authentication, and temporary credentials. The document provides an example of integrating these services to build a secure and scalable mobile backend API.
2. Topics
AWS Mobile Services and Amazon Cognito
Introduction to Amazon Cognito User Pools
Summary of Features
Demo
Sample Use Cases
Getting Started
Q & A
3. Build and Scale Your Apps on AWS
• Authenticate users: Amazon Cognito (Identity)
• Synchronize data: Amazon Cognito (Sync)
• Analyze User Behavior: Amazon Pinpoint
• Run Targeted Campaigns: Amazon Pinpoint
• Store and share media: Amazon S3
• Deliver media: Amazon CloudFront
• Store data: Amazon DynamoDB, Amazon RDS
• Send push notifications: Amazon SNS Mobile Push
• Server-side logic: Lambda
• Test your app: Device Farm
5. Identity is mission critical for applications
User Identity
• Authentication
  - Sign in users
  - Enable federation with enterprise identities
  - Enable federation with social identities
• User Management
  - Manage user lifecycles
  - Store and manage user profile data
  - Monitor engagement
• Authorization
  - Protect data and operations
  - Provide fine-grained access control
6. Your User Pools
• Serverless Authentication and User Management: Add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure
• Enhanced Security Features: Verify phone numbers and email addresses and offer multi-factor authentication
• Managed User Directory: Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users
7. Comprehensive User Flows
• User Sign-Up and Sign-In: Allow users to sign up and sign in using an email, phone number, or username (and password) for your application.
• Email or Phone Number Verification: Require users to verify their email address or phone number prior to activating their account with a one-time password challenge
• Forgot Password: Provide users the ability to change their password when they forget it with a one-time password challenge
• User Profile Data: Enable users to view and update their profile data, including custom attributes
• SMS Multifactor Authentication: Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow
• Token Based Authentication: Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
Customize these User Flows Using Lambda
8. Custom User Flows Using Lambda Hooks
Category | Lambda Hook | Example Scenarios
Custom Authentication Flow | Define Auth Challenge | Determines the next challenge in a custom auth flow
Custom Authentication Flow | Create Auth Challenge | Creates a challenge in a custom auth flow
Custom Authentication Flow | Verify Auth Challenge Response | Determines if a response is correct in a custom auth flow
Authentication Events | Pre Authentication | Custom validation to accept or deny the sign-in request
Authentication Events | Post Authentication | Event logging for custom analytics
Sign-Up | Pre Sign-up | Custom validation to accept or deny the sign-up request
Sign-Up | Post Confirmation | Custom welcome messages or event logging for custom analytics
Messages | Custom Message | Advanced customization and localization of messages
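The three Custom Authentication Flow hooks in the table above, wired together as a one-time-code challenge. This is an added example, not code from the presentation: the event fields follow the Cognito trigger event format, while `MAX_ATTEMPTS`, the `deliver` callback, the `"code"` parameter name and the `simulate` driver (which stands in for Cognito) are assumptions made for illustration.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumption: give up after three wrong answers


def define_auth_challenge(event, context=None):
    """Define Auth Challenge: choose the next step from the session history."""
    session = event["request"].get("session") or []
    resp = event["response"]
    resp["issueTokens"] = False
    resp["failAuthentication"] = False
    last = session[-1] if session else {}
    if last.get("challengeName") == "CUSTOM_CHALLENGE" and last.get("challengeResult") is True:
        resp["issueTokens"] = True          # last answer was correct
    elif len(session) >= MAX_ATTEMPTS:
        resp["failAuthentication"] = True   # bound guessing of the 6-digit code
    else:
        resp["challengeName"] = "CUSTOM_CHALLENGE"
    return event


def create_auth_challenge(event, context=None, deliver=None):
    """Create Auth Challenge: generate the secret and keep it server-side."""
    if event["request"]["challengeName"] != "CUSTOM_CHALLENGE":
        return event
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
    if deliver is not None:
        # Hypothetical hook: send the code by SMS or email, out of band.
        deliver(event["request"].get("userAttributes", {}), code)
    resp = event["response"]
    # Public parameters are returned to the client, so the code must not be here.
    resp["publicChallengeParameters"] = {"delivery": "out-of-band"}
    # Private parameters are only handed to the verify hook.
    resp["privateChallengeParameters"] = {"code": code}
    resp["challengeMetadata"] = "OTP"
    return event


def verify_auth_challenge_response(event, context=None):
    """Verify Auth Challenge Response: constant-time comparison of the answer."""
    expected = event["request"]["privateChallengeParameters"].get("code", "")
    answer = str(event["request"].get("challengeAnswer", ""))
    event["response"]["answerCorrect"] = bool(expected) and hmac.compare_digest(
        expected.encode(), answer.encode())
    return event


def simulate(answer_for):
    """Constructed driver standing in for Cognito: loops the three hooks.

    answer_for(code, attempt_index) returns what the client types.
    Returns ("tokens" | "failed", number_of_challenges_answered).
    """
    session, sent = [], []
    while True:
        d = define_auth_challenge(
            {"request": {"session": session}, "response": {}})["response"]
        if d["issueTokens"]:
            return "tokens", len(session)
        if d["failAuthentication"]:
            return "failed", len(session)
        c = create_auth_challenge(
            {"request": {"challengeName": d["challengeName"], "session": session,
                         "userAttributes": {"email": "user@example.com"}},
             "response": {}},
            deliver=lambda attrs, code: sent.append(code))["response"]
        v = verify_auth_challenge_response(
            {"request": {"privateChallengeParameters": c["privateChallengeParameters"],
                         "challengeAnswer": answer_for(sent[-1], len(session))},
             "response": {}})["response"]
        session.append({"challengeName": "CUSTOM_CHALLENGE",
                        "challengeResult": v["answerCorrect"],
                        "challengeMetadata": c["challengeMetadata"]})


if __name__ == "__main__":
    print(simulate(lambda code, n: code))     # correct on the first try
    print(simulate(lambda code, n: "wrong"))  # locked out after MAX_ATTEMPTS
```
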
9. Extensive Admin Capabilities
• Define Custom Attributes: Define custom attributes for your user profiles
• Set per-App Permissions: Set read and write permissions for each user attribute on a per-app basis
• Set up Password Policies: Enforce password policies like minimum length and requirement of certain types of characters
• Create and manage User Pools: Create, configure, and delete multiple user pools across AWS regions
• Require Submission of Attribute Data: Select which attributes must be provided by the user prior to completion of the sign-up process
• Search Users: Search users based on a full match or a prefix match of their attributes through the console or Admin API
• Manage Users: Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
10. App Integration and Federation in User Pools
• Built-in, Customizable User Interface for Sign up / Sign in
• Federation with Facebook, Login with Amazon, Google, and SAML providers
• OAuth 2.0 Support
11. Built-in, Customizable User Interface
Upload your own logo and adjust CSS properties to fit your style and branding
12. Federation with Cognito User Pools
• Built-in integrations with identity providers
  - Social: Facebook, Google, Login with Amazon
  - Corporate via SAML 2.0
• Map user attributes into User Pool profiles
• Universal directory with common set of profiles and tokens for all users
[Diagram labels: Cognito User Pool, CUP Token]
13. Support for OAuth 2.0 in Cognito User Pools
• OAuth 2.0 flows:
  - Authorization code
  - Implicit
  - Client credentials
• Custom scopes defined for resource servers
14. Cognito Federated Identities (Identity Pools)
• Exchanges tokens from authenticated users for AWS credentials to access resources such as S3 or DynamoDB
• You can define rules for mapping users to different IAM roles to manage permissions
• Provides an identity pool id to uniquely identify users
[Diagram labels: Mobile or web app, token, Cognito Identity Pool, AWS Credentials, Access backend resources tied to IAM role (DynamoDB, S3, API GW); steps numbered 1 to 3]
15. Two Ways to Federate with Amazon Cognito
Cognito User Pools
• Handles the IdP interactions for you
• Provides profiles to manage users
• Provides OpenID Connect and OAuth2.0 standard tokens
• Priced per monthly active user
Cognito Identity Pools
• Provides AWS credentials for accessing resources on behalf of users
• Supports rules to map users to different IAM roles
• Free
16. Amazon Cognito for Authentication and Access
• User Pools authenticate users and return standard tokens
• User Pool tokens are used to access backend resources
• Identity Pools provide AWS credentials to access AWS services
[Diagram labels: Authenticate, Federating IdP, IdP Token, Redirect / Post back, Cognito User Pool, CUP Token, Access Serverless Backend (API GW, Lambda), Get AWS credentials, Cognito Identity Pool, Access AWS Services (DynamoDB, S3); steps numbered 1 to 6]
18. Amazon Cognito: Identity Management Scenarios
• Business to Consumer
• Business to Business
• Business to Employee
• IoT Scenarios
[Diagram labels: Enterprise Directory, SAML, AWS IoT]
19. Amazon Cognito: Authorization Scenarios
Standalone Identity Provider
• OIDC and OAuth 2.0 tokens from User Pools can be used directly to access backend resources
Amazon API Gateway
• User Pool tokens authorize requests via Amazon API Gateway
• Token claims can be inspected
AWS Credentials
• Temporary AWS credentials provide access to AWS services
• Users can be mapped to different roles and policies
[Diagram labels: CUP Token, Resources, API GW, AWS IAM, AWS Credentials, AWS Services (S3, DDB, Lambda)]
20. Cognito User Pools and Amazon API Gateway
• Native Support: Configure API Gateway to accept ID tokens to authorize users based on their existence in a user pool – User Pools works together with API Gateway to authorize API requests
• Custom Authorizer Function: Control access to your APIs using bearer token authentication strategies, such as OAuth or SAML – API Gateway’s custom authorizer feature uses bearer tokens to determine access privileges
21. Getting Started with Your User Pools
See aws.amazon.com/cognito/dev-resources/ for links to
Getting Started Guides
Documentation, SDKs, and Sample Apps
Videos
Presentation Slides
Blog Posts
Developer Forums
22. Q & A
Visit aws.amazon.com/cognito/ to learn more
Find resources at aws.amazon.com/cognito/dev-resources/
Ask questions at the AWS Developer Forum or Stack Overflow (‘amazon-cognito’ tag)
25. Groups
• Cognito User Pools: Groups and Multiple Authenticated Roles (Group A: IAM Role A, Group B: IAM Role B, …)
• Cognito Federated Identities: Multiple Roles for Authenticated Identities
[Diagram labels: Authenticated User Identity, Get Credentials, Map to different IAM roles, IAM Role and Policy (three), Control Access, Backend Resources (API Gateway, DynamoDB, S3)]
27. Creating Users as an Administrator
• Developers or administrators can create users in a user pool and send them an optional, customizable invitation email or SMS message
• New users sign in with a temporary password and create a new password
• User pools can be configured to only allow users created by an administrator
28. Importing Existing Users
Batch Imports
• Import users by uploading .csv files
• Users will create a new password when they first sign in
• Each imported user must have an email address or a phone number
One-at-a-Time Migration
• Migrate users individually as they sign in
• App first tries to sign in via Cognito; if the user does not exist, the app signs in via the prior identity system, captures the username and password, and silently creates the user in Cognito
• Retains passwords, but requires app coding and maintenance of the prior system for some period
[Diagram label: Prior IdP]
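The one-at-a-time migration decision described above, written out as a sign-in function. This is an added example, not code from the presentation: `Directory` is a hypothetical in-memory store standing in for both the prior identity system and the Cognito user pool, and the usernames and passwords are constructed.

```python
import hashlib
import hmac
import os


def hash_password(password, salt):
    """Salted PBKDF2 so the stand-in stores never hold plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Directory:
    """Hypothetical in-memory user store (either identity system)."""

    def __init__(self):
        self._users = {}

    def exists(self, username):
        return username in self._users

    def create(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def check(self, username, password):
        record = self._users.get(username)
        if record is None:
            # Spend the same hashing time for unknown users so response
            # timing does not show which usernames exist.
            hash_password(password, b"\x00" * 16)
            return False
        salt, digest = record
        return hmac.compare_digest(digest, hash_password(password, salt))


def sign_in(username, password, new, legacy):
    """Return (ok, path); path names the branch that decided the result."""
    if new.exists(username):
        # Already migrated: the new directory is authoritative. Falling back
        # to the prior system here would let a stale password keep working
        # after the user changed it in the new directory.
        return new.check(username, password), "new"
    if legacy.check(username, password):
        # The prior system accepted these credentials, so the account can be
        # created in the new directory with the password just proven.
        new.create(username, password)
        return True, "migrated"
    # Unknown user or wrong password: one generic failure, nothing created.
    return False, "rejected"


if __name__ == "__main__":
    legacy, new = Directory(), Directory()
    legacy.create("alice", "old-pass")                 # constructed sample user
    print(sign_in("alice", "bad", new, legacy))        # (False, 'rejected')
    print(sign_in("alice", "old-pass", new, legacy))   # (True, 'migrated')
    print(sign_in("alice", "old-pass", new, legacy))   # (True, 'new')
```
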
29. Understanding User Status
• New users start with “Registered” status
• Users must be confirmed before they can sign in
• Users must be disabled before they can be deleted
[State diagram labels. States: Registered (cannot sign in), Confirmed, Disabled, Reset Required, Force Change Password, (deleted). Transitions: Sign-up, Lambda Trigger: Pre Sign-up, Admin Confirm or Confirm via email/phone, Disable, Enable, Delete, User import, Admin Create User, Reset password]
30. Verifying Email and Phone
• Your User Pools provide built-in verification of email addresses and phone numbers
• A six-digit code is sent as an email message or SMS text and is submitted via the VerifyUserAttribute API
• If both a phone number and email address are provided at sign-up, a verification code will only be sent to the phone
• Your app can call GetUser to see if an email address or phone number is awaiting verification, and then call GetUserAttributeVerificationCode to initiate the verification
[Sample message: Your verification code is 938764]