Amazon Cognito
Presenter Name: Balraj Sabharwal
Lack of etiquette and manners is a huge turn off.
KnolX Etiquettes
- Punctuality
Join the session 5 minutes prior to the session start time. We start on
time and conclude on time!
- Feedback
Make sure to submit constructive feedback for all sessions as it is very
helpful for the presenter.
- Silent Mode
Keep your mobile devices in silent mode; feel free to move out of the session
in case you need to attend an urgent call.
- Avoid Disturbance
Avoid unwanted chit-chat during the session.
1. What is Amazon Cognito
2. Benefits and Features
3. User Pools and Identity Pools
4. Passwordless Authentication with Amazon Cognito
5. Demo
What is Amazon Cognito
- Amazon Cognito is a simple user identity and data synchronization service that helps
you securely manage and synchronize application data for your users across their
devices (mobiles, tablets, etc.).
- An Amazon Cognito user pool is a user directory for web and mobile app authentication
and authorization. From the perspective of your app, an Amazon Cognito user pool is
an OpenID Connect (OIDC) identity provider (IdP). A user pool adds layers of additional
features for security, identity federation, app integration, and customization of the user
experience.
- You can, for example, verify that your users’ sessions are from trusted sources. You can
combine the Amazon Cognito directory with an external identity provider. With your
preferred AWS SDK, you can choose the API authorization model that works best for
your app. And you can add AWS Lambda functions that modify or overhaul the default
behavior of Amazon Cognito.
- Amazon Cognito is a developer-centric and cost-effective customer identity and access
management (CIAM) service. It provides a secure identity store and federation options that
can scale to millions of users. Amazon Cognito supports login with social identity providers
and SAML or OIDC-based identity providers for delightful customer experiences, and offers
advanced security features to protect your customers and business. It supports various
compliance standards, operates on open identity standards (OAuth 2.0, SAML 2.0 and
OpenID Connect) and integrates with an extended ecosystem of front-end and back-end
development resources and SDK libraries.
Benefits and Features
- Your users can enter their information in your app and create a user profile that’s native
to your user pool. You can call API sign-up operations to register users in your user pool.
You can open these sign-up operations to anyone.
- You can redirect users to a third-party IdP that they can authorize to pass their information
to Amazon Cognito. Amazon Cognito processes OIDC ID tokens, OAuth 2.0 userInfo data,
and SAML 2.0 assertions into user profiles in your user pool.
- Built-in customizable UI to sign in users.
User Pools and Identity Pools
- An Amazon Cognito user pool is a user directory for web and mobile app authentication
and authorization. From the perspective of your app, an Amazon Cognito user pool is
an OpenID Connect (OIDC) identity provider (IdP). A user pool adds layers of additional
features for security, identity federation, app integration, and customization of the user
experience.
- You can, for example, verify that your users’ sessions are from trusted sources. You can
combine the Amazon Cognito directory with an external identity provider. With your
preferred AWS SDK, you can choose the API authorization model that works best for
your app. And you can add AWS Lambda functions that modify or overhaul the default
behavior of Amazon Cognito.
- An Amazon Cognito identity pool is a directory of federated identities that you can
exchange for AWS credentials. Identity pools generate temporary AWS credentials for
the users of your app, whether they’ve signed in or you haven’t identified them yet. With
AWS Identity and Access Management (IAM) roles and policies, you can choose the
level of permission that you want to grant to your users. Users can start out as guests
and retrieve assets that you keep in AWS services.
Passwordless Authentication with Amazon Cognito
- Social identity providers: Amazon Cognito integrates seamlessly with popular social
identity providers such as Google, Facebook, and Amazon. This allows users to sign in
to the application using their existing social media accounts.
- Enterprise identity providers: Developers can leverage enterprise identity providers via
SAML 2.0 and OpenID Connect to enable users to authenticate using their corporate
credentials.
- There are alternatives to logging in with passwords—for example, using a fingerprint
scan or facial recognition. But it’s not always feasible to use such methods.
- Amazon Cognito provides you with another alternative. What if you didn’t have to enter a
password when you log in, but the website or app just sent you a temporary one-time
login code, for example, through email, SMS, or a push notification? You retrieve the
code, enter it, and you’re in. It’s like a “forgot password” process, but simpler and
shorter. Also, it doesn’t carry the notion that you forgot your password.
DEMO
Amazon Cognito: A Primer on Authentication and Authorization