Step 3: Integrate Identity Provider with Amazon Cognito
Now, configure Amazon Cognito to recognize Microsoft Entra ID as a federated identity provider:
- In the AWS Console, navigate to Amazon Cognito and select your User Pool
- Go to Sign-in experience and locate the Federated identity provider sign-in section
- Select Add identity provider and choose SAML as the provider type

- Configure the identity provider with these settings:
  - Provider name: “EntraID” (this name will appear on your login screen)
  - Metadata document: Upload the Federation Metadata XML file downloaded in the previous step
  - SAML attribute mapping: Configure the following essential attribute mappings:
    - email → http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    - given_name → http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    - family_name → http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
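The same settings can be applied through the Cognito API instead of the console. The following is an added example, not part of the original guide: it checks the Federation Metadata XML before it is uploaded and builds the CreateIdentityProvider request with the attribute mappings listed above. The function names, the user pool ID passed in, and the sample metadata (placeholder tenant ID and certificate) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Cognito attribute -> Entra ID claim URI, as listed in the step above.
ATTRIBUTE_MAPPING = {"email": CLAIMS + "emailaddress",
                     "given_name": CLAIMS + "givenname",
                     "family_name": CLAIMS + "surname"}

# Constructed sample metadata: placeholder tenant ID and certificate, not a real tenant's file.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>PLACEHOLDER-CERT</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_metadata(xml_text):
    """Return the IdP entityID; raise ValueError if the file is not usable IdP metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations do not belong in federation metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not root.get("entityID"):
        raise ValueError("root is not an EntityDescriptor with an entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    certs = idp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        raise ValueError("no signing certificate in metadata")
    if idp.find("md:SingleSignOnService", NS) is None:
        raise ValueError("no SingleSignOnService endpoint")
    return root.get("entityID")

def build_request(user_pool_id, xml_text, provider_name="EntraID"):
    """Build the arguments for cognito-idp CreateIdentityProvider from checked metadata."""
    check_metadata(xml_text)
    return {"UserPoolId": user_pool_id, "ProviderName": provider_name,
            "ProviderType": "SAML", "ProviderDetails": {"MetadataFile": xml_text},
            "AttributeMapping": dict(ATTRIBUTE_MAPPING)}

# With AWS credentials configured, the request is sent with boto3:
#   boto3.client("cognito-idp").create_identity_provider(**build_request(pool_id, xml_text))
```

Comparing the returned entityID against the tenant you expect before sending the request catches a metadata file downloaded from the wrong application or tenant.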


See also:
Entra ID and Cognito Integration - Guide
Entra ID and Cognito Integration - Step1
Entra ID and Cognito Integration - Step2
Entra ID and Cognito Integration - Step3
Entra ID and Cognito Integration - Step4