AWS Cognito as a User Directory
This document provides instructions for adding users from Amazon Cognito as PrivX users. By following these instructions, you can allow users from your Amazon Cognito user pool to log into PrivX. Such users may then be granted SSH/RDP access similarly to regular AD users.
Disclaimers
This document includes instructions regarding third-party products by Amazon Web Services. These instructions are provided for general guidance only.
SSH Communications Security Corporation does not make any warranties as to the accuracy, reliability, or usefulness of these instructions, or guarantee that the content related to third-party products is up to date.
SSH Communications Security Corporation does not provide any warranties regarding third-party products, such as AWS Cognito, nor provide any support or other services for third-party products.
For instructions about setting up and operating Amazon products, we always recommend that you consult the official Amazon documentation intended for the specific version(s) of Amazon products in your use, and/or directly contact Amazon representatives or support.
Logging in to PrivX as an Amazon Cognito User Pool user is achieved by configuring a PrivX OIDC directory with the AWS Cognito endpoints.
Integration steps
- Log in to the Amazon Web Console and navigate to Cognito / Manage User Pools.
- Create a new User Pool with a custom attribute. In this example it is named "custom:group".
- Go to App Clients and create a new App Client.
- After creating the pool, go to App client settings and configure the identity provider.
- Create your users and assign their user groups via the "custom:group" attribute.
- Go to the PrivX admin console, Administration/Directories, and create a new OIDC user directory.
- Configure the issuer endpoint, including your User Pool region and Pool Id. Fill in the App Client credentials and other settings.
- After saving the configuration, log out. You should see a "Cognito" login button, which redirects you to the AWS Cognito login page.
- To bypass PrivX login page completely, you can use Direct Login URL shown in your Cognito directory settings.
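The two values the steps above depend on are the issuer endpoint derived from the pool's region and Pool Id, and the "custom:group" attribute carried in the ID token. The following helper is an added example (not PrivX or Amazon code) that derives the issuer URL, and checks the claims of an ID token against the directory settings before reading the groups; the region, Pool Id and App Client id are placeholders, and the token is a constructed, unsigned sample, since signature verification against the issuer's JWKS is done by PrivX itself.

```python
import base64
import json
import time

# Placeholder values for illustration only; use your own pool's region, id and App Client.
REGION, POOL_ID, CLIENT_ID = "eu-west-1", "eu-west-1_EXAMPLE01", "example-app-client-id"

def cognito_issuer(region, pool_id):
    """Issuer URL to enter in the PrivX OIDC directory (standard Cognito issuer format)."""
    if not pool_id.startswith(region + "_"):          # Cognito pool ids are <region>_<suffix>
        raise ValueError(f"pool id {pool_id!r} is not in region {region!r}")
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"

def discovery_url(issuer):
    """OIDC discovery document PrivX fetches to learn the authorize/token/JWKS endpoints."""
    return issuer + "/.well-known/openid-configuration"

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def groups_from_id_token(token, issuer, client_id, now=None, attr="custom:group"):
    """Check the claims a misconfigured directory typically gets wrong, then return the
    comma-separated groups in the custom attribute (signature assumed already verified)."""
    _header, payload, _sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("iss does not match the configured issuer endpoint")
    if claims.get("aud") != client_id:
        raise ValueError("aud does not match the App Client id")
    if claims.get("token_use") != "id":
        raise ValueError("not an ID token (token_use != 'id')")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return [g.strip() for g in claims.get(attr, "").split(",") if g.strip()]

def constructed_token(claims):
    """Unsigned sample token for testing (constructed; real Cognito tokens are RS256-signed)."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": "placeholder"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"

def demo():
    """Walk the checks with a constructed token carrying two groups."""
    issuer = cognito_issuer(REGION, POOL_ID)
    token = constructed_token({"iss": issuer, "aud": CLIENT_ID, "token_use": "id",
                               "exp": 4102444800, "custom:group": "privx-admins, ssh-users"})
    return groups_from_id_token(token, issuer, CLIENT_ID, now=1700000000)
```

If PrivX reports the directory as unreachable, fetching `discovery_url(cognito_issuer(...))` from the PrivX host is the quickest way to confirm the region and Pool Id are correct.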