diff --git a/openmetadata-docs/content/deployment/security/amazon-cognito-sso/bare-metal.md b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/bare-metal.md
new file mode 100644
index 00000000000..73751e6b4d5
--- /dev/null
+++ b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/bare-metal.md
@@ -0,0 +1,41 @@
+---
+title: Amazon Cognito SSO for Bare Metal
+slug: /deployment/security/amazon-cognito/bare-metal
+---
+
+# Amazon Cognito SSO for Bare Metal
+
+## Update conf/openmetadata.yaml
+
+Once the User pool and App client are created, add the `client id` to the value of the `clientId` field in the
+`openmetadata.yaml` file. See the snippet below for an example of where to place the `client id` value. Also, configure the
+`publicKeyUrls` and `authority` fields correctly with the User Pool ID from the previous step.
+
+```yaml
+authenticationConfiguration:
+ provider: "aws-cognito"
+ publicKeyUrls:
+ - "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}/.well-known/jwks.json"
+ authority: "https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}"
+ clientId: "{Client ID}"
+ callbackUrl: "http://localhost:8585/callback"
+```
+
+Then,
+- Update `authorizerConfiguration` to add login names of the admin users in `adminPrincipals` section as shown below.
+- Update the `principalDomain` to your company domain name.
+
+```yaml
+authorizerConfiguration:
+ className: "org.openmetadata.catalog.security.DefaultAuthorizer"
+ # JWT Filter
+ containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
+ adminPrincipals:
+ - "user1"
+ - "user2"
+ botPrincipals:
+ - "ingestion-bot"
+ principalDomain: "open-metadata.org"
+```
+
+Finally, update the Airflow information with the JWT token from [Enabling JWT Tokens](/deployment/security/enable-jwt-tokens).
diff --git a/openmetadata-docs/content/deployment/security/amazon-cognito-sso/docker.md b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/docker.md
new file mode 100644
index 00000000000..25ba8569189
--- /dev/null
+++ b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/docker.md
@@ -0,0 +1,41 @@
+---
+title: Amazon Cognito SSO for Docker
+slug: /deployment/security/amazon-cognito/docker
+---
+
+# Amazon Cognito SSO for Docker
+
+To enable security for the Docker deployment, follow the next steps:
+
+## 1. Create an .env file
+
+Create an `openmetadata.env` file and add the following contents as an example. Use the information
+generated when setting up the account in the previous steps.
+
+```bash
+# OpenMetadata Server Authentication Configuration
+AUTHORIZER_CLASS_NAME=org.openmetadata.catalog.security.DefaultAuthorizer
+AUTHORIZER_REQUEST_FILTER=org.openmetadata.catalog.security.JwtFilter
+AUTHORIZER_ADMIN_PRINCIPALS=[admin] # Your `name` from name@domain.com
+AUTHORIZER_INGESTION_PRINCIPALS=[ingestion-bot]
+AUTHORIZER_PRINCIPAL_DOMAIN=open-metadata.org # Update with your domain
+
+AUTHENTICATION_PROVIDER=aws-cognito
+AUTHENTICATION_PUBLIC_KEYS=[https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}/.well-known/jwks.json]
+AUTHENTICATION_AUTHORITY=https://cognito-idp.us-west-1.amazonaws.com/{User Pool ID}
+AUTHENTICATION_CLIENT_ID={Client ID}
+AUTHENTICATION_CALLBACK_URL=http://localhost:8585/callback
+
+# Airflow Configuration
+AIRFLOW_AUTH_PROVIDER=openmetadata
+OM_AUTH_JWT_TOKEN=
+```
+
+Finally, update the Airflow information with the JWT token
+from [Enabling JWT Tokens](/deployment/security/enable-jwt-tokens).
+
+## 2. Start Docker
+
+```commandline
+docker compose --env-file ~/openmetadata.env up -d
+```
diff --git a/openmetadata-docs/content/deployment/security/amazon-cognito-sso/index.md b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/index.md
new file mode 100644
index 00000000000..65e94db47e6
--- /dev/null
+++ b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/index.md
@@ -0,0 +1,90 @@
+---
+title: Amazon Cognito SSO
+slug: /deployment/security/amazon-cognito
+---
+
+# Amazon Cognito SSO
+
+Follow the sections in this guide to set up Amazon Cognito SSO.
+
+
+
+### Step 1: Login to AWS Portal
+
+- Login to [Amazon AWS Portal](https://aws.amazon.com/).
+- Search for `Cognito` in the search box and select Cognito Service from the dropdown menu.
+
+
+
+### Step 2: Setup User Pool
+
+- Click on the "Create user pool" button if you do not have any user pools configured yet. Skip this step if you already have a user pool available.
+- Select the type of ID providers you want to configure for your users and click "Next"
+
+
+
+- Configure the security requirements in Step 2 as per your organizational needs and proceed to Step 3
+- Configure the Sign-up experience in Step 3. Make sure to add email as a required attribute before proceeding to step 4
+
+
+
+- Configure message delivery as per your organizational needs and proceed to Step 5
+- In Step 5, add a name for the user pool and check the "Use the Cognito Hosted UI" option and provide a Cognito domain as shown in the screenshot below
+
+
+
+- In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs
+ with `http://localhost:8585/callback` as shown in the screenshot below. Note: For production deployments, the Allowed
+ callback URLs should be updated with the appropriate domain name.
+
+
+
+- The last step is to Review and create the User Pool.
+
+### Step 3: Where to find the Credentials
+
+- The `User Pool ID` can be found in the User Pool summary page as seen in the screenshot below
+
+
+
+- The App client ID can be found under the "App Integration" tab of the User Pool page. There will be a section that
+ lists all the App clients with client name and client ID as shown below
+
+
+
+
+
+
+
+After the applying these steps, you can update the configuration of your deployment:
+
+
+
+ Configure Amazon Cognito SSO for your Docker Deployment.
+
+
+ Configure Amazon Cognito SSO for your Bare Metal Deployment.
+
+
+ Configure Amazon Cognito SSO for your Kubernetes Deployment.
+
+
+
+## Configure Ingestion
+
+The ingestion can be configured by [Enabling JWT Tokens](/deployment/security/enable-jwt-tokens).
diff --git a/openmetadata-docs/content/deployment/security/amazon-cognito-sso/kubernetes.md b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/kubernetes.md
new file mode 100644
index 00000000000..7f5d976126c
--- /dev/null
+++ b/openmetadata-docs/content/deployment/security/amazon-cognito-sso/kubernetes.md
@@ -0,0 +1,34 @@
+---
+title: Amazon Cognito SSO for Kubernetes
+slug: /deployment/security/amazon-cognito/kubernetes
+---
+
+# Amazon Cognito SSO for Kubernetes
+
+Check the Helm information [here](https://artifacthub.io/packages/search?repo=open-metadata).
+
+Once the `Client Id` and `Client Secret` are generated, see the snippet below for an example of where to
+place the client id value and update the authorizer configurations in the `values.yaml`.
+
+```yaml
+global:
+ authorizer:
+ className: "org.openmetadata.catalog.security.DefaultAuthorizer"
+ containerRequestFilter: "org.openmetadata.catalog.security.JwtFilter"
+ initialAdmins:
+ - "user1"
+ - "user2"
+ botPrincipals:
+ - ""
+ principalDomain: "open-metadata.org"
+ authentication:
+ provider: "google"
+ publicKeys:
+ - "https://www.googleapis.com/oauth2/v3/certs"
+ authority: "https://accounts.google.com"
+ clientId: "{client id}"
+ callbackUrl: "http://localhost:8585/callback"
+```
+
+Finally, update the Airflow information with the JWT token
+from [Enabling JWT Tokens](/deployment/security/enable-jwt-tokens).
diff --git a/openmetadata-docs/content/deployment/security/index.md b/openmetadata-docs/content/deployment/security/index.md
index a517fd6f79e..9a8961099c2 100644
--- a/openmetadata-docs/content/deployment/security/index.md
+++ b/openmetadata-docs/content/deployment/security/index.md
@@ -55,4 +55,12 @@ please follow the [Quickstart](/quick-start/local-deployment) guide.
>
Configure Okta SSO to access the UI and APIs
+
+ Configure Okta SSO to access the UI and APIs
+
diff --git a/openmetadata-docs/content/menu.md b/openmetadata-docs/content/menu.md
index 2ef875ac7ab..4c8a5215764 100644
--- a/openmetadata-docs/content/menu.md
+++ b/openmetadata-docs/content/menu.md
@@ -85,6 +85,14 @@ site_menu:
url: /deployment/security/okta/bare-metal
- category: Deployment / Enable Security / Okta SSO / Kubernetes
url: /deployment/security/okta/kubernetes
+ - category: Deployment / Enable Security / Amazon Cognito SSO
+ url: /deployment/security/amazon-cognito
+ - category: Deployment / Enable Security / Amazon Cognito SSO / Docker
+ url: /deployment/security/amazon-cognito/docker
+ - category: Deployment / Enable Security / Amazon Cognito SSO / Bare Metal
+ url: /deployment/security/amazon-cognito/bare-metal
+ - category: Deployment / Enable Security / Amazon Cognito SSO / Kubernetes
+ url: /deployment/security/amazon-cognito/kubernetes
- category: Deployment / Enable Security / Enable SSL
url: /deployment/security/enable-ssl
- category: Deployment / Enable Security / Enable SSL / Use Nginx
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-1.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-1.png
new file mode 100644
index 00000000000..81f2036abd1
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-1.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-2.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-2.png
new file mode 100644
index 00000000000..9abee580cfd
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-2.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-3.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-3.png
new file mode 100644
index 00000000000..6895b77535e
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-3.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-4.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-4.png
new file mode 100644
index 00000000000..e263611df51
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-4.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-5.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-5.png
new file mode 100644
index 00000000000..54792aaaa0a
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-5.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-6.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-6.png
new file mode 100644
index 00000000000..4b33d1ffecd
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-6.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-7.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-7.png
new file mode 100644
index 00000000000..c81b58b2f7e
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-7.png differ
diff --git a/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-8.png b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-8.png
new file mode 100644
index 00000000000..686bf03ecc6
Binary files /dev/null and b/openmetadata-docs/images/deployment/security/amazon-cognito-sso/create-server-credentials-8.png differ