Amazon Cognito support for SSO authentication
The Bold BI application supports the addition of users using the Amazon Cognito provider. By importing them, you can share the dashboards and email exported dashboards to them.
NOTE: This feature is available in Bold BI Embedded Analytics but not in Cloud Analytics Server.
How to register the Bold BI application in Amazon Cognito
This section explains how to perform Single Sign-On for users in Amazon Cognito using the Bold BI application.
NOTE: This configuration needs to be done on the Amazon Cognito website.
Prerequisites
- An admin account in Amazon Cognito.
- An user pool in Amazon Cognito.
- Install Bold BI application.
Steps to register the Bold BI application
-
Please login to the Amazon Cognito website using an admin account. Once logged in, open the console and click on
Manage User Pool.
-
Please click on
App Clientslocated underGeneral Settingsin the left side menu, and proceed to add the application.
-
Please save the
App client nameand click onCreate app client.
-
Click on the
Show detailsbutton to access theClient Secret.
-
Please use the
App client idandApp client secretas shown in the screenshot below.
-
Click on
App client settingsunderApp integrationin the left side menu and add theCallback URL(s).
-
The
Callback URL(s)must be the URI in the settings of your Bold BI application, as shown in the following screenshot.
After successfully registering in Amazon Cognito, save these settings on the Bold BI settings page to enable this authentication..
Enable Amazon Cognito support for authentication in Bold BI
Configure the settings in Bold BI, as shown in the following snapshot, to enable authentication using Amazon Cognito.
The fields that need to be saved in Bold BI to enable Amazon Cognito for authentication are explained below.
| Provider Name | It represents the name of the authentication provider to be displayed in the login page. |
| Provider Logo | It represents the logo of the authentication provider to be displayed in the login page. |
| Authorization Endpoint | It should be in the format https://AUTH_DOMAIN/oauth2/authorize Please refer here for more details. |
| Token Endpoint Method | POST |
| Token Endpoint | It should be in the format https://AUTH_DOMAIN/oauth2/token Please refer here for more details. |
| User Information Endpoint Method | GET |
| User Information Endpoint | It should be in the following format https://AUTH_DOMAIN/oauth2/userinfo. Please refer here, for more details. |
| Client ID | The Client ID you get after registered the Bold BI application in Amazon Cognito website. |
| Client Secret | The Client Secret you get after registered the Bold BI application in Amazon Cognito website. |
| Scopes | openid, profile, email |
| Logout Endpoint | It is the endpoint in the Amazon Cognito website that signs the user out. |
| This must be the field name, in which email will be present when deserializing the token. |
Configure Amazon Cognito Group Import Settings in Bold BI
Configure the group import setting in Bold BI using Cognito AWS, as shown in the image below,
NOTE: Only the
IAM Usercan import Cognito AWS groups.
The User Pool Id and Region can be found in the general settings of your user pool in the Cognito AWS console.
To generate an Access Key and Access Secret, please follow the link https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey