Amazon Cognito support for SSO authentication
Bold BI application supports adding users using the Amazon Cognito provider. By importing them, you can share the dashboards and email exported dashboards with them.
How to register the Bold BI application in Amazon Cognito
This section explains how to perform Single Sign-On for users in Amazon Cognito with the Bold BI application.
NOTE: This configuration has to be done in Amazon Cognito website.
Prerequisites
- An admin account in Amazon Cognito.
- An user pool in Amazon Cognito.
- Install Bold BI application.
Steps to register the Bold BI application
-
Login to the Amazon Cognito website with an admin account and open the console and then click
Manage User pool.
-
Click
App ClientsunderGeneral Settingsin the left side menu, and then add the application.
-
Save the
App client nameand click onCreate app client.
-
Click on
Show detailsto know theClient Secret.
-
Make use of the
App client idandApp client secretas in the following screenshot.
-
Click on
App client settingsunderApp integrationin the left side menu and add theCallback URL(s).
-
The
Callback URL(s)must be the URI in the settings of your Bold BI application as in the following screenshot.
After successful registration in Amazon Cognito, save these settings in Bold BI settings page to enable this authentication.
Enable Amazon Cognito support for authentication in Bold BI
Configure the settings in Bold BI as in the following snap to enable the authentication using Amazon Cognito.
The fields to be saved in the Bold BI to enable the Amazon Cognito for authentication is explained as below.
| Provider Name | It represents the name of the authentication provider to be displayed in the login page. |
| Provider Logo | It represents the logo of the authentication provider to be displayed in the login page. |
| Authorization Endpoint | It should be in the format https://AUTH_DOMAIN/oauth2/authorize Please refer here for more details. |
| Token Endpoint Method | POST |
| Token Endpoint | It should be in the format https://AUTH_DOMAIN/oauth2/token Please refer here for more details. |
| User Information Endpoint Method | GET |
| User Information Endpoint | It should be in the following format https://AUTH_DOMAIN/oauth2/userinfo. Please refer here, for more details. |
| Client ID | The Client ID you get after registered the Bold BI application in Amazon Cognito website. |
| Client Secret | The Client Secret you get after registered the Bold BI application in Amazon Cognito website. |
| Scopes | openid, profile, email |
| This must be the email of an admin account of Amazon Cognito website. |
Configure Amazon Cognito Group Import Settings in Bold BI
Configure group import setting in Bold BI using Cognito AWS as shown in the below image,
NOTE: Only
IAM Usercan import Cognito AWS groups.
User Pool Id and Region can be found in general settings of your user pool in Cognito AWS console.
For generating an Access Key and Access Secret follow the link https://docs.aws.amazon.com/IAM/latest/UserGuide/idcredentialsaccess-keys.html#Using_CreateAccessKey