
Amazon Cognito support for SSO authentication

Bold BI application supports adding users using the Amazon Cognito provider. By importing them, you can share the dashboards and email exported dashboards with them.

How to register the Bold BI application in Amazon Cognito

This section explains how to perform Single Sign-On for users in Amazon Cognito with the Bold BI application.

NOTE: This configuration has to be done in the Amazon Cognito website.

Prerequisites

  • An admin account in Amazon Cognito.
  • A user pool in Amazon Cognito.
  • The Bold BI application installed.

Steps to register the Bold BI application

  1. Log in to the Amazon Cognito website with an admin account, open the console, and then click Manage User pool.

    Manage user pool

  2. Click App Clients under General Settings in the left side menu, and then add the application.

    Add application

  3. Save the App client name and click on Create app client.

    Create client

  4. Click on Show details to view the Client Secret.

    Application details

  5. Make use of the App client id and App client secret as in the following screenshot.

    Client details

  6. Click on App client settings under App integration in the left side menu and add the Callback URL(s).

    Application redirect uri

  7. The Callback URL(s) must be the URI in the settings of your Bold BI application as in the following screenshot.

    Redirect URI

After successful registration in Amazon Cognito, save these settings in the Bold BI settings page to enable this authentication.

Enable Amazon Cognito support for authentication in Bold BI

Configure the settings in Bold BI as in the following screenshot to enable authentication using Amazon Cognito.

Amazon settings

The fields to be saved in Bold BI to enable Amazon Cognito for authentication are explained below.

  • Provider Name: The name of the authentication provider to be displayed in the login page.
  • Provider Logo: The logo of the authentication provider to be displayed in the login page.
  • Authorization Endpoint: It should be in the format https://AUTH_DOMAIN/oauth2/authorize. Please refer here for more details.
  • Token Endpoint Method: POST
  • Token Endpoint: It should be in the format https://AUTH_DOMAIN/oauth2/token. Please refer here for more details.
  • User Information Endpoint Method: GET
  • User Information Endpoint: It should be in the format https://AUTH_DOMAIN/oauth2/userinfo. Please refer here for more details.
  • Client ID: The Client ID you get after registering the Bold BI application in the Amazon Cognito website.
  • Client Secret: The Client Secret you get after registering the Bold BI application in the Amazon Cognito website.
  • Scopes: openid, profile, email
  • Logout Endpoint: The endpoint in the Amazon Cognito website that signs the user out.
  • Email: This must be the field name in which the email will be present when deserializing the token.
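
A pre-flight check for the values entered in the fields above, as an added example that is not part of Bold BI or the original page. The dictionary keys, the auth.example.com domain and the callback path are assumptions made for illustration; the endpoint paths and scopes are the ones listed above.

```python
from urllib.parse import urlsplit

# Endpoint paths from the field list above; the dict keys are hypothetical names.
EXPECTED_PATHS = {
    "authorization_endpoint": "/oauth2/authorize",
    "token_endpoint": "/oauth2/token",
    "userinfo_endpoint": "/oauth2/userinfo",
}

def check_cognito_settings(settings):
    """Return a list of problems found in a dict of the settings listed above."""
    problems, hosts = [], set()
    for key, path in EXPECTED_PATHS.items():
        url = urlsplit(settings.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key}: must use https")
        if url.path.rstrip("/") != path:
            problems.append(f"{key}: path should be {path}")
        hosts.add(url.hostname)
    if len(hosts) != 1:
        problems.append("endpoints: all three must share one AUTH_DOMAIN host")
    scopes = {s.strip() for s in settings.get("scopes", "").split(",") if s.strip()}
    if "openid" not in scopes:
        problems.append("scopes: openid is required by the userinfo endpoint")
    if "email" not in scopes:
        problems.append("scopes: email is needed for the Email field mapping")
    # Cognito accepts plain http callback URLs only for localhost testing.
    callback = urlsplit(settings.get("callback_url", ""))
    if callback.scheme != "https" and callback.hostname != "localhost":
        problems.append("callback_url: must be https (http only for localhost)")
    return problems

# Constructed sample values: the domain and callback path are placeholders.
GOOD = {
    "authorization_endpoint": "https://auth.example.com/oauth2/authorize",
    "token_endpoint": "https://auth.example.com/oauth2/token",
    "userinfo_endpoint": "https://auth.example.com/oauth2/userinfo",
    "scopes": "openid, profile, email",
    "callback_url": "https://boldbi.example.com/CALLBACK_PATH",
}
# Same settings with a plain-http token endpoint and the openid scope dropped.
BAD = dict(GOOD, token_endpoint="http://auth.example.com/oauth2/token",
           scopes="profile, email")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_cognito_settings(cfg) or "ok")
```

A plain-http token endpoint would send the Client Secret and authorization code unencrypted, and a configuration without the openid scope cannot read the user information endpoint, so both are worth catching before saving the settings.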

Configure Amazon Cognito Group Import Settings in Bold BI

Configure the group import settings in Bold BI using Cognito AWS as shown in the following image.

Cognito AWS

NOTE: Only an IAM user can import Cognito AWS groups.

The User Pool Id and Region can be found in the general settings of your user pool in the Cognito AWS console.

AWS User Pool Id

To generate an Access Key and Access Secret, follow the link https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey