In this guide, we will walk through how to attach Microsoft SSO (Single Sign-On) to an existing user pool in Amazon Cognito.
Step 1. Sign in to the Azure portal, open Azure Active Directory (now Microsoft Entra ID) and go to App registrations, then choose “New registration” for your app.
Step 2. Provide a name for the app and set the redirect URI to https://<your-user-pool-domain>/oauth2/idpresponse. This is the Cognito hosted UI callback and must match exactly, including the https scheme and the path. Register the app.
Step 3. In the “Certificates & secrets” tab, generate a new client secret. Copy its value right away; the portal shows it only once.
Step 4. In the Cognito user pool, add a federated identity provider for Microsoft of type OpenID Connect (OIDC).
Step 5. Enter the required details: a provider name, the client ID and client secret from the Azure app registration, and the authorized scopes. Keep the default options. Map the attributes (the Microsoft claims to the Cognito user attributes) and add the identity provider.
Step 6. In the Cognito App integration tab, open the app client and edit its hosted UI settings. Under the identity providers option, add MicrosoftSSO. The identity-provider picker is already present here because Google SSO was added to this pool earlier.
Step 7. Open the hosted UI; the “Continue with MicrosoftSSO” button now appears alongside the traditional sign-up and sign-in choices.
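As an added example (not code from this guide), the script below builds the same configuration that steps 2 to 6 create through the console, as parameters for the Cognito CreateIdentityProvider API, and checks the values that most often break the sign-in: the redirect URI path, a tenant-specific issuer rather than the shared "common" endpoint, the mandatory openid scope, and a secret that is still a placeholder. The user pool ID, domain, tenant ID, client ID, app client ID and the MicrosoftSSO provider name are constructed placeholders; apply() needs boto3 and AWS credentials and only runs when the script is started with --apply.

```python
"""Build and validate the Cognito OIDC identity-provider settings for
Microsoft Entra ID (Azure AD). Added example, not the guide's own code.
The offline functions (redirect_uri, issuer_url, build_provider_params,
validate) need only the standard library; apply() needs boto3 and AWS
credentials and is never called on import. All IDs below are constructed."""
import re
import sys

# Constructed placeholders; substitute your own values.
USER_POOL_ID = "us-east-1_EXAMPLE"
COGNITO_DOMAIN = "my-app.auth.us-east-1.amazoncognito.com"
TENANT_ID = "11111111-2222-3333-4444-555555555555"   # Entra "Directory (tenant) ID"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # Entra "Application (client) ID"
CLIENT_SECRET = "<client-secret-from-step-3>"         # read from a secret store, never commit
PROVIDER_NAME = "MicrosoftSSO"
APP_CLIENT_ID = "<cognito-app-client-id>"             # the app client edited in step 6

REDIRECT_PATH = "/oauth2/idpresponse"   # fixed Cognito callback path (step 2)
REQUIRED_SCOPES = {"openid"}            # OIDC needs openid; email/profile supply attributes
_UUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
_MS_PREFIX = "https://login.microsoftonline.com/"


def redirect_uri(cognito_domain: str) -> str:
    """The redirect URI to register in the Azure app (step 2). Cognito only
    accepts the callback on exactly this path, so any other value fails."""
    return f"https://{cognito_domain}{REDIRECT_PATH}"


def issuer_url(tenant_id: str) -> str:
    """Tenant-specific v2.0 issuer for the oidc_issuer field. The 'common'
    endpoint's discovery document publishes a templated issuer, which Cognito
    cannot match against the iss claim of the tokens it receives."""
    return f"{_MS_PREFIX}{tenant_id}/v2.0"


def build_provider_params(user_pool_id, provider_name, tenant_id, client_id, client_secret):
    """Parameters for cognito-idp CreateIdentityProvider (steps 4 and 5)."""
    return {
        "UserPoolId": user_pool_id,
        "ProviderName": provider_name,
        "ProviderType": "OIDC",
        "ProviderDetails": {
            "client_id": client_id,
            "client_secret": client_secret,
            "attributes_request_method": "GET",
            "oidc_issuer": issuer_url(tenant_id),
            "authorize_scopes": "openid email profile",
        },
        # Cognito attribute -> Entra claim; username must map to a stable claim
        "AttributeMapping": {"username": "sub", "email": "email", "name": "name"},
    }


def validate(params: dict, cognito_domain: str) -> list:
    """Return the problems found (an empty list means the checks pass)."""
    problems = []
    details = params["ProviderDetails"]
    issuer = details["oidc_issuer"]
    if not issuer.startswith(_MS_PREFIX):
        problems.append("issuer must be an https login.microsoftonline.com URL")
    tenant = issuer[len(_MS_PREFIX):].split("/")[0]
    if tenant in ("common", "organizations", "consumers"):
        problems.append(f"issuer uses '{tenant}'; Cognito needs a tenant-specific issuer")
    elif not _UUID.match(tenant):
        problems.append("tenant id in issuer is not a GUID")
    if not REQUIRED_SCOPES <= set(details["authorize_scopes"].split()):
        problems.append("authorize_scopes must include openid")
    if not details["client_secret"] or details["client_secret"].startswith("<"):
        problems.append("client_secret is empty or still a placeholder")
    if "." not in cognito_domain:
        problems.append("cognito domain should be a full host name")
    if params["AttributeMapping"].get("username") != "sub":
        problems.append("map username to the sub claim, which is stable per user")
    if "email" not in params["AttributeMapping"]:
        problems.append("map email so users can be matched to an address")
    return problems


def apply(params: dict, app_client_id: str) -> list:
    """Create the provider and enable it on the hosted-UI app client
    (steps 5 and 6). Returns the app client's provider list afterwards."""
    import boto3  # imported lazily so the offline checks need no SDK
    idp = boto3.client("cognito-idp")
    idp.create_identity_provider(**params)
    client = idp.describe_user_pool_client(
        UserPoolId=params["UserPoolId"], ClientId=app_client_id)["UserPoolClient"]
    providers = sorted(set(client.get("SupportedIdentityProviders", []))
                       | {params["ProviderName"]})
    # UpdateUserPoolClient resets any setting you omit, so send the OAuth
    # settings back unchanged alongside the new provider list.
    keep = {k: client[k] for k in ("CallbackURLs", "LogoutURLs", "AllowedOAuthFlows",
            "AllowedOAuthScopes", "AllowedOAuthFlowsUserPoolClient") if k in client}
    idp.update_user_pool_client(UserPoolId=params["UserPoolId"], ClientId=app_client_id,
                                SupportedIdentityProviders=providers, **keep)
    return providers


if __name__ == "__main__":
    cfg = build_provider_params(USER_POOL_ID, PROVIDER_NAME, TENANT_ID, CLIENT_ID, CLIENT_SECRET)
    print("Azure redirect URI:", redirect_uri(COGNITO_DOMAIN))
    issues = validate(cfg, COGNITO_DOMAIN)
    for issue in issues:
        print("problem:", issue)
    if "--apply" in sys.argv and not issues:
        print("enabled providers:", apply(cfg, APP_CLIENT_ID))
```

Run it without arguments first: it prints the redirect URI to paste into the Azure app registration and lists anything that would make Cognito reject the provider or break the hosted-UI sign-in. The tenant-specific issuer check matters because Cognito fetches the discovery document from the issuer and compares it with the tokens it later receives; the shared endpoint does not give it a fixed issuer to compare against. The update step reads the app client back before writing, because UpdateUserPoolClient replaces the whole client configuration rather than merging into it.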
In conclusion, integrating Microsoft SSO with Amazon Cognito involves registering your app in the Azure portal, generating a client secret, adding Microsoft to the user pool as an OpenID Connect identity provider, and configuring the hosted UI to include the MicrosoftSSO option. Once these steps are done, users can sign in with Microsoft SSO alongside the traditional sign-up and sign-in options in your application.