With SFTP Gateway version 3.004.00, you can now integrate Amazon Cognito authentication with SFTP Gateway’s web admin portal. In other words, web admins can leverage their existing Amazon Cognito credentials instead of managing another account just for SFTP Gateway access.
What is Amazon Cognito?
Amazon Cognito is a managed service from Amazon Web Services (AWS) that provides user authentication, authorization, and user management capabilities for mobile and web applications. It allows developers to easily add user sign-up, sign-in, and access control to their applications without having to build and maintain their own authentication infrastructure. With Amazon Cognito, developers can quickly and securely authenticate users using popular identity providers, such as Facebook, Google, and Amazon, or their own user pools.
The process for integrating Amazon Cognito authentication with SFTP Gateway
- Create and configure a User Pool in Cognito
- Create users in Amazon Cognito
- Point SFTP Gateway to the User Pool
Create a User Pool in Cognito
Complete Steps 1 – 4 of the User Pool creation process as needed for your environment's requirements and preferences.
Step 5, Integrate your app, is where you will make the majority of the important configurations.
Configure a name for your user pool and, under the Hosted authentication pages section, check the box for Use the Cognito Hosted UI. Configure the domain to your liking; I will be using https://bryce-demo.auth.us-east-1.amazoncognito.com.
Callback URL: https://<sftp-gateway-hostname>/backend/login/oauth2/code/<custom name>
https://<sftp-gateway-hostname>
Add users in Cognito
Once your user has been created, you will need to get the User pool IDs.
Get the User Pool IDs
Next, under the App integration tab for the user pool, scroll down until you see your App client.
Open your App client, then copy and store the Client ID and Client secret.
Also, if you scroll down you will see the Hosted UI section with the callback URL you configured earlier. Copy and store the custom name you used at the end of the URL.
Configure the Identity Provider on SFTP Gateway
- Identity Provider Display Name: This is the name for the Identity Provider that will be displayed at the login screen for Web Admin Users.
- Issuer URI: Paste in this text, https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}. Replace the first placeholder value with your AWS region and the second placeholder value at the end with the User pool ID you copied earlier from the overview page of your user pool.
- Client ID: Paste in the client ID you copied earlier from your app client page.
- Client Secret: Paste in the client secret value you copied earlier from your app client page.
- Name Attribute: Set this value to cognito:username; this uses the username of your Cognito users as the name for their respective Web Admin User.
- Registration ID: Use the custom name you made for the callback URL when creating the App client.
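As an added example (not part of the original post or of SFTP Gateway's own code), a small Python checker for the values entered above: it builds the Issuer URI from the region and User pool ID, builds the callback URL from the gateway hostname and Registration ID, applies the exact-match rule Cognito uses for callback URLs, and shows the claim checks that tie an ID token back to this configuration. The hostname, pool ID, client ID and username are constructed placeholders.

```python
"""Sanity-check Cognito values before pasting them into SFTP Gateway.

All sample values are constructed placeholders. The claim checks mirror what
an OIDC client performs on a Cognito ID token after signature verification.
"""
import re
from typing import Mapping

# Cognito user pool IDs look like "<region>_<alphanumeric>", e.g. us-east-1_AbCdEf123.
POOL_ID_RE = re.compile(r"^(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)_[A-Za-z0-9]+$")


def issuer_uri(region: str, user_pool_id: str) -> str:
    """Build the Issuer URI; refuse a pool ID that belongs to a different region."""
    m = POOL_ID_RE.match(user_pool_id)
    if not m or m.group("region") != region:
        raise ValueError(f"user pool id {user_pool_id!r} does not match region {region!r}")
    return f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def callback_url(sftp_gateway_hostname: str, registration_id: str) -> str:
    """Redirect URI the gateway sends; it must be listed verbatim in the app client."""
    return f"https://{sftp_gateway_hostname}/backend/login/oauth2/code/{registration_id}"


def callback_registered(expected: str, allowed_callback_urls: list[str]) -> bool:
    """Cognito matches redirect_uri exactly: scheme, case, path, trailing slash."""
    return expected in allowed_callback_urls


def admin_name_from_claims(claims: Mapping[str, object], issuer: str, client_id: str) -> str:
    """Return the Web Admin User name (cognito:username) only if the token was
    issued by our pool, for our app client, and is an ID token rather than an
    access token. Signature verification is the OIDC library's job, not shown here."""
    if claims.get("iss") != issuer:
        raise ValueError("iss does not match the configured Issuer URI")
    if claims.get("aud") != client_id:
        raise ValueError("aud does not match the configured Client ID")
    if claims.get("token_use") != "id":
        raise ValueError("token is not an ID token")
    name = claims.get("cognito:username")
    if not isinstance(name, str) or not name:
        raise ValueError("Name Attribute cognito:username is missing from the token")
    return name


if __name__ == "__main__":
    iss = issuer_uri("us-east-1", "us-east-1_EXAMPLE123")  # constructed pool ID
    cb = callback_url("sftp.example.com", "cognito")         # constructed hostname
    print(iss, cb, callback_registered(cb, [cb]))
```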
Test the changes in the web browser
You will then be redirected to your Cognito domain to enter your Cognito credentials.
Once logged in, you will be authenticated to the SFTP Gateway web admin portal. You’ve now completed the process for integrating Amazon Cognito authentication with SFTP Gateway’s web admin portal.
For more help with Amazon Cognito and SFTP Gateway, check out the Knowledge Base or our YouTube channel.