yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-07-19 15:31:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs-v1/content/v0.13.2/deployment/security/amazon-cognito-sso/index.md
Pere Miquel Brull 6fcdf803e6
Prepare Docs V1 structure (#11089) 
* Prepare Docs V1 structure

* Point to the v1.0.0 images dir

* Use the same ssh key

* Use new key

* Add connectors icons

* Update images
2023-04-17 16:45:47 +02:00

4.1 KiB
Raw Blame History

title slug
Amazon Cognito SSO /deployment/security/amazon-cognito

Amazon Cognito SSO

Follow the sections in this guide to set up Amazon Cognito SSO.

Security requirements for your production environment:

  • DELETE the admin default account shipped by OM in case you had Basic Authentication enabled before configuring the authentication with Amazon Cognito SSO.
  • UPDATE the Private / Public keys used for the JWT Tokens in case it is enabled.

Create Server Credentials

Step 1: Login to AWS Portal

  • Login to Amazon AWS Portal.
  • Search for Cognito in the search box and select Cognito Service from the dropdown menu.
create-account

Step 2: Setup User Pool

  • Click on the "Create user pool" button if you do not have any user pools configured yet. Skip this step if you already have a user pool available.
  • Select the type of ID providers you want to configure for your users and click "Next"
create-account
  • Configure the security requirements in Step 2 as per your organizational needs and proceed to Step 3
  • Configure the Sign-up experience in Step 3. Make sure to add email as a required attribute before proceeding to step 4
create-account
  • Configure message delivery as per your organizational needs and proceed to Step 5
  • In Step 5, add a name for the user pool and check the "Use the Cognito Hosted UI" option and provide a Cognito domain as shown in the screenshot below
create-account
  • In the same step, select "Public client" for the Initial App client type and configure the Allowed callback URLs with http://localhost:8585/callback as shown in the screenshot below. Note: For production deployments, the Allowed callback URLs should be updated with the appropriate domain name.
create-account
  • The last step is to Review and create the User Pool.

Step 3: Where to find the Credentials

  • The User Pool ID can be found in the User Pool summary page as seen in the screenshot below
create-account
  • The App client ID can be found under the "App Integration" tab of the User Pool page. There will be a section that lists all the App clients with client name and client ID as shown below
create-account create-account

After the applying these steps, you can update the configuration of your deployment:

{%inlineCalloutContainer%}

{%inlineCallout icon="celebration" bold="Docker Security" href="/deployment/security/amazon-cognito/docker" %} Configure Amazon Cognito SSO for your Docker Deployment. {%/inlineCallout%}

{%inlineCallout icon="storage" bold="Bare Metal Security" href="/deployment/security/amazon-cognito/bare-metal" %} Configure Amazon Cognito SSO for your Bare Metal Deployment. {%/inlineCallout%}

{%inlineCallout icon="fit_screen" bold="Kubernetes Security" href="/deployment/security/amazon-cognito/kubernetes" %} Configure Amazon Cognito SSO for your Kubernetes Deployment. {%/inlineCallout%}

{%/inlineCalloutContainer%}

Configure Ingestion

The ingestion can be configured by Enabling JWT Tokens.