Using AWS Cognito with ArcGIS Online

06-27-2018 06:47 PM
by Anonymous User
Not applicable

Is it possible to use AWS Cognito as the Identity Provider for ArcGIS Online?

There are articles on federating ArcGIS Online with ADFS, NetIQ, Shibboleth, Okta, etc., but I haven't been able to find any info anywhere that goes through how to connect Cognito. I have followed the AWS documentation as far as setting up a User Pool and set up the ability to log in via Facebook etc., but am stalling at the point where I try to get Cognito and ArcGIS Online talking to each other.

This is the link to the basic ESRI documentation. Can anyone point me in the right direction here?

Set up enterprise logins—ArcGIS Online Help | ArcGIS 

0 Kudos
8 Replies
MarkKorver1
New Contributor

No, at least not directly. However, you can use the same SAML supporting IdP, such as Okta, on the back end.

You can set up both AGOL and ArcGIS Portal to allow logins via IdPs that support SAML. AWS Cognito also supports SAML. What's probably confusing here is that you can use Cognito User Pools to act as an IdP on its own.

0 Kudos
by Anonymous User
Not applicable

Hi Mark

Thanks for the reply. The answers I've been given (from ESRI and from AWS) outside Geonet and since this post are that Cognito doesn't support the IdP portion of SAML. In other words, it supports 'SAML' when it is the service provider, but not when it is the identity provider. So we can't at this stage federate it with AGOL.

Cognito does apparently support OpenID fully, but AGOL doesn't support this.

Cheers,

-Paul

0 Kudos
SamLibby
Esri Contributor

Following up on an old thread, but I wanted to note that this is now possible with the new OpenID Connect support in ArcGIS Online's June 2020 release. Working on a blog post around the specifics but wanted to get a note here for anyone else who comes across this topic.

AamirSuleman1
New Contributor II

This is awesome. I was able to make it work with a sandboxed 10.8.1 Portal. Cognito doesn't have great capabilities when it comes to roles/groups. I wonder if we can leverage an AWS solution for this rather than use the built-in groups in Portal? It will be great if you can also write about social logins as Portal and Cognito both provide that.

0 Kudos
RyanLloyd
New Contributor II

Hi Sam, 

This is good, and timely, news. Do you have a link to the blog post to hand at all?

Thanks!

JohnWaterman
New Contributor III

Please keep me posted on documentation for using AWS Cognito as an IdP for ArcGIS Online. Any update? Thank you. Best, John

BlairDeaver3
Occasional Contributor

+1 for wanting to see a blog post or instructions on how to use Cognito with AGOL and Portal/Enterprise would be huge. Thank you!

0 Kudos
SamLibby
Esri Contributor

Sorry for the delay, all - please see this file which should give you a great starting point: https://github.com/Esri/idp/blob/main/Documentation/OpenID/AWS%20Cognito.md