Amazon Cognito User Pools provide a secure identiy store that scales to millions of users. As a fully managed service, User Pools are easy to set up without provisioning any infrastructure. User Pools store user profiles and support authentication for users who sign up directly and for federated users who sign in with social and enterprise identity providers.
Using advanced security features for Amazon Cognito helps you protect access to user accounts in your applications. These advanced security features provide risk-based adaptive authentication and protection from the use of compromised credentials. With just a few clicks, you can enable these advanced security features for your Amazon Cognito User Pools.
Now it's easier and faster to create better, more secure apps
Social and enterprise identity federation
With Amazon Cognito, your users can sign-in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory using SAML.
Access control for AWS resources
Amazon Cognito provides solutions to control access to AWS resources from your app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user. Alternatively, you can use attributes from identity providers in AWS Identity and Access Management permission policies, so you can control access to resources to users who meet specific attribute conditions.
Amazon Cognito uses common identity management standards including OpenID Connect, OAuth 2.0, and SAML 2.0.
Using advanced security features for Amazon Cognito to add adaptive authentication to your applications helps protect your applications’ user accounts and user experience. When Amazon Cognito detects unusual sign-in activity, such as sign-in attempts from new locations and devices, it assigns a risk score to the activity and lets you choose to either prompt users for additional verification or block the sign-in request. Users can verify their identities using SMS or a Time-based One-time Password (TOTP) generator, such as Google Authenticator.
Protection from compromised credentials
Advanced security features for Amazon Cognito helps protect your application users from unauthorized access to their accounts using compromised credentials. When Amazon Cognito detects users have entered credentials that have been compromised elsewhere, it prompts them to change their password.
Supports Multiple Compliance Programs
Amazon Cognito helps you meet multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, and ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.