This article explains how to set up Okta as a SAML identity provider (IdP) for an Amazon Cognito user pool.
Pre-requisites
Contact Litera Devops before starting your 2FA authentication project. There are steps they need to perform first.
Steps
Create a SAML app in Okta
Go into the Okta developer console and under Shortcuts, choose Add Applications. Or, choose Applications, and then choose Add Application.
Click Create New App
For Platform, choose Web.
For the Sign-on method, choose SAML 2.0.
Configure SAML Integration in Okta App
On the Create SAML Integration page, under General Settings, enter a name for your app.
Choose Next.
Under GENERAL, for Single sign on URL, enter https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse.
NOTE: Replace yourDomainPrefix and region with the values for your user pool.
For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:yourUserPoolId.
NOTE: Replace yourUserPoolId with your Amazon Cognito user pool ID.
Leave Name ID format as Unspecified.
Set Application username as Email
Under ATTRIBUTE STATEMENTS (OPTIONAL) set the following (set the Name format as URI reference for all):
Click Next and Click Finish
Assign users to the Okta application
On the Assignments tab for your Okta app, for Assign, choose Assign to People
Next to the user that you want to assign, choose Assign
Choose Save and Go back. Choose Done.
Get the IDP metadata for the Okta application
On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink. Right-click the hyperlink, copy the URL, and send the URL to us.
This metadata URL is what the DevOps team adds to the Cognito user pool in their step.