{"id":2563,"date":"2024-08-01T15:11:46","date_gmt":"2024-08-01T13:11:46","guid":{"rendered":"http:\/\/agilno.local\/?p=2563"},"modified":"2024-08-06T16:52:28","modified_gmt":"2024-08-06T14:52:28","slug":"insights-from-implementing-sso-from-active-directory-to-aws-cognito","status":"publish","type":"post","link":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/","title":{"rendered":"Insights from Implementing SSO from Active Directory to AWS Cognito"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Our team recently took on the task of implementing Single Sign-On (SSO) from Active Directory to our client portal using AWS Cognito. It was an interesting project filled with learning opportunities and a few challenges. We want to share our experience and insights to help others who might be tackling a similar project.<\/span><\/p>\n<h3><b>Understanding the Tools<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Before we dive in, let\u2019s understand the tools and technologies involved in making this project happen:<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>Active Directory (AD):<\/strong> This is the Identity Provider (IdP), responsible for authenticating users within the organization. 
Understanding its schema, attribute storage, and authentication mechanisms was essential for effective integration.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>AWS Cognito:<\/strong> We used it as the Service Provider (SP), managing user identities and providing access to the client portal.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>SAML (Security Assertion Markup Language):<\/strong> A critical component in the integration, SAML facilitates the exchange of authentication and authorization data between AD and AWS Cognito.\u00a0<\/span><\/p>\n<h3><b>The Challenge<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Our client, a financial services company, needed to integrate Active Directory (AD) with AWS Cognito to enable their financial advisors to seamlessly access customer documents through a single sign-on (SSO) system. The challenge was to create a secure, multi-tier setup that would allow advisors to authenticate via AD and gain access to resources managed by AWS Cognito without compromising security or user experience.<\/span><\/p>\n<h3><b>Key Insights<\/b><\/h3>\n<h4><b>Understanding AWS Cognito and SAML<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Our team works primarily with AWS, and our client was using AWS Cognito for customer identity and user management. AD was a third-party system that we needed to integrate to give users a seamless one-click login. To accomplish this, the first step was understanding how AWS Cognito integrates with SAML-based identity providers like AD. We spent some time getting into the details of configuring identity providers, handling metadata, and managing SAML assertions. Here are some key insights:<\/span><\/p>\n<p><b>Preparation:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>High-Level Design:<\/b><span style=\"font-weight: 400;\"> We created a high-level design document to serve as a blueprint. 
This high-level document outlined how the integration would work and interact with other components and services. This was such a valuable document that everyone ended up using it to understand how this integration would work.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Deep Dive into SAML:<\/b><span style=\"font-weight: 400;\"> We invested time in understanding SAML authentication, studying the exchange of authentication and authorization data, and the roles of service providers (SP) and identity providers (IdP).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Environment Planning:<\/b><span style=\"font-weight: 400;\"> We set up development and staging environments to experiment with different configurations and understand AWS Cognito&#8217;s interaction with SAML IdPs. The issue here was that we had to manage multiple certificates, and sometimes we had delays in getting the certificates. Also, there is a greater potential for swapping certificates between multiple environments. This was a good approach because we could test in isolation, but it is a little bit cumbersome from a communication perspective.\u00a0<\/span><\/li>\n<\/ul>\n<p><b>Planning:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Requirement Gathering:<\/b><span style=\"font-weight: 400;\"> We collaborated with the client to define specific requirements for the integration, such as necessary attributes in the SAML assertions and their mappings to AWS Cognito user pools.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Detailed Flowchart:<\/b><span style=\"font-weight: 400;\"> We went deeper into the HLD and created a comprehensive flowchart detailing the integration process, mapping out steps from user authentication to the generation and validation of SAML assertions. 
This document continued to be a go-to document for the integration and consensus.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Security Review:<\/b><span style=\"font-weight: 400;\"> Our team conducted a thorough review of security protocols to ensure compliance with industry standards and best practices. For this client, SOC 2 compliance was crucial, so we focused on:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Data Encryption:<\/b><span style=\"font-weight: 400;\"> Using TLS for data in transit and AWS Key Management Service (KMS) for data at rest.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Logging and Monitoring:<\/b><span style=\"font-weight: 400;\"> Implementing logging for all access and administrative activities using AWS CloudTrail to monitor for suspicious activities.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><b>Continuous Learning:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Staying Updated:<\/b><span style=\"font-weight: 400;\"> We participated in relevant forums and communities to stay current with AWS services and SAML standards. AWS Cognito evolves, so we frequently review release notes to incorporate the latest best practices.<\/span><\/li>\n<\/ul>\n<h4><b>The Complexities of Attribute Mapping<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Mapping user attributes between AD and AWS Cognito was more intricate than we expected. Gather as much information as possible from different stakeholders who understand different parts of the system. Also, make sure you have a process that will be followed when user attributes are changed.\u00a0<\/span><\/p>\n<p><b>Detailed Planning:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Identify Necessary Attributes:<\/b><span style=\"font-weight: 400;\"> It was crucial to identify all necessary attributes early and plan their mappings between the systems. 
We started by listing every attribute we would need and understanding how each would be used in the context of our client portal and AWS Cognito.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Attribute Mapping Matrix:<\/b><span style=\"font-weight: 400;\"> We created a detailed matrix to document how each AD attribute should map to AWS Cognito attributes. This matrix became our reference point throughout the project, ensuring everyone was on the same page.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Stakeholder Involvement:<\/b><span style=\"font-weight: 400;\"> Engaging with stakeholders ensured all necessary attributes were accounted for and correctly mapped. We had several meetings with stakeholders to confirm our mappings and get their input on any special requirements.<\/span><\/li>\n<\/ul>\n<p><b>Validation:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Automated Scripts:<\/b><span style=\"font-weight: 400;\"> We used automated scripts to validate attribute mappings, ensuring accuracy and completeness. These scripts ran checks to confirm that each attribute was correctly mapped and could be correctly read by AWS Cognito.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Manual Verification:<\/b><span style=\"font-weight: 400;\"> We also conducted manual verification to catch any discrepancies that automated scripts might miss. This involved manually logging in as different users and checking that all their attributes were correctly transferred.<\/span><\/li>\n<\/ul>\n<p><b>Continuous Improvement:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Feedback Loop:<\/b><span style=\"font-weight: 400;\"> Establishing a feedback loop with users helped us gather insights on any issues related to attribute mappings. 
We encouraged users to report any problems they encountered, which helped us quickly address any issues.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Regular Updates:<\/b><span style=\"font-weight: 400;\"> We created an ongoing process to regularly update attribute mappings to accommodate changes in business requirements or updates in the identity provider&#8217;s schema. This was particularly important as the client&#8217;s requirements evolved over time.<\/span><\/li>\n<\/ul>\n<h3><b>Potential Points of Failure<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Implementing SSO can present several potential points of failure. We proactively identified and addressed these risks:<\/span><\/p>\n<p><b>Misconfiguration of SAML Metadata:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Good Documentation:<\/b><span style=\"font-weight: 400;\"> Documenting every single step of the configuration process in detail helped us avoid errors right from the start. This documentation was crucial for ensuring consistency and providing a clear reference for troubleshooting.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Rigorous Testing:<\/b><span style=\"font-weight: 400;\"> We tested the configuration extensively in various scenarios, not just the ideal ones, to ensure everything was set up correctly. This involved testing edge cases to make sure our setup could handle unexpected situations.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Step-by-Step Implementation:<\/b><span style=\"font-weight: 400;\"> Implementing and validating each step incrementally helped us catch errors early and avoid major setbacks. 
This incremental approach allowed us to test and verify each part of the system before moving on to the next.<\/span><\/li>\n<\/ul>\n<p><b>Inaccurate Attribute Mapping:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Automated Validation:<\/b><span style=\"font-weight: 400;\"> We had scripts that automated the validation of attribute mappings, which saved us time and reduced errors. This automation was key to maintaining accuracy as the number of attributes and their complexity grew.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Periodic System Reviews:<\/b><span style=\"font-weight: 400;\"> We did regular system reviews, which ensured ongoing accuracy and caught potential issues early. These reviews involved both automated checks and manual reviews to ensure nothing was missed.<\/span><\/li>\n<\/ul>\n<p><b>Security Vulnerabilities:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Automate Certificate Rotation:<\/b><span style=\"font-weight: 400;\"> If you don\u2019t automate the rotation of self-signed certificates, prepare for issues when those expire.\u00a0 You need to ensure that certificates are always up-to-date. This process was crucial for maintaining security without requiring constant manual intervention. This is a very important part of this process.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Implement Strict Access Controls:<\/b><span style=\"font-weight: 400;\"> Having good IAM policies minimized the risk of unauthorized access. We defined precise roles and permissions to ensure that only authorized users had access to sensitive resources.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Security Audits:<\/b><span style=\"font-weight: 400;\"> Regular security audits helped identify and mitigate potential vulnerabilities, keeping our system secure and compliant. 
These audits covered everything from configuration settings to user access logs.<\/span><\/li>\n<\/ul>\n<h3><b>Product Changes<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Login\/Signup\/Forgot Password Flows:<\/b><span style=\"font-weight: 400;\"> We had to rethink some authentication flows, keeping an eye on the bigger picture and how this piece fits within the larger system. This is especially important in enterprise applications. We redesigned these flows to ensure they were seamless and intuitive for users, while also integrating smoothly with the new SSO system.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>User Sync Across Systems:<\/b><span style=\"font-weight: 400;\"> Managing user statuses across AD and AWS Cognito was challenging. Planning for scenarios like user deactivation in IdP and the appropriate response in SP was essential. We developed a robust syncing mechanism to ensure that user statuses were accurately reflected across both systems, and users were redirected appropriately based on their status.<\/span><\/li>\n<\/ul>\n<h3><b>Lessons Learned<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">There are many good lessons that we learned from this project. Here are some of them:<\/span><\/p>\n<p><b>The Importance of Detailed Documentation:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Configurations:<\/b><span style=\"font-weight: 400;\"> Clear records of configuration settings ensure consistency and ease troubleshooting. Having detailed documentation meant we could quickly resolve any issues that arose.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Mappings:<\/b><span style=\"font-weight: 400;\"> Documenting attribute mappings with stakeholders ensures clarity and accuracy. 
This documentation was invaluable for maintaining alignment and preventing misunderstandings.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Security Practices:<\/b><span style=\"font-weight: 400;\"> Recording every security measure helps maintain high security standards. Detailed records of our security protocols ensured we met all compliance requirements.<\/span><\/li>\n<\/ul>\n<p><b>Continuous Testing and Validation:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Automated Tests:<\/b><span style=\"font-weight: 400;\"> Automated tests validate configurations and mappings, saving time and reducing errors. These tests were a critical part of our validation process.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Regular Reviews:<\/b><span style=\"font-weight: 400;\"> Regular reviews catch and resolve issues promptly, keeping the implementation on track. These reviews helped us stay proactive rather than reactive.<\/span><\/li>\n<\/ul>\n<p><b>Collaboration and Communication:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Regular Meetings:<\/b><span style=\"font-weight: 400;\"> Regular meetings with team members and stakeholders ensure everyone is on the same page. These meetings were key to maintaining alignment and addressing any issues promptly.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Clear Updates:<\/b><span style=\"font-weight: 400;\"> Frequent updates on progress and issues maintain transparency and trust. Keeping everyone informed helped build trust and ensured we could address any concerns quickly.<\/span><\/li>\n<\/ul>\n<p><b>Iterative Development:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Incremental Progress:<\/b><span style=\"font-weight: 400;\"> Breaking the project into smaller tasks reduces complexity and manages risks. 
This approach helped us manage the project&#8217;s complexity and stay on track.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Continuous Feedback:<\/b><span style=\"font-weight: 400;\"> A continuous feedback loop with stakeholders helps gather insights and make necessary adjustments promptly. This feedback was essential for ensuring the project met all requirements.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>High-Level View:<\/b><span style=\"font-weight: 400;\"> Always consider how the system pieces work together. This holistic view helped us avoid potential issues and satisfy all project requirements.<\/span><\/li>\n<\/ul>\n<h3><b>Conclusion<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Implementing SSO from Active Directory to AWS Cognito is straightforward once you understand the technical aspects, from configuration to security. By focusing on preparation, continuous validation, and effective collaboration, we navigated potential challenges and achieved a successful implementation. 
We hope sharing these lessons helps you have a smoother process if you&#8217;re working on a similar project.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you need a similar solution or have questions about your implementation, contact us at <a href=\"mailto:hello@agilno.com\">hello@agilno.com<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our team recently took on the task of implementing Single Sign-On (SSO) from Active Directory to our client portal using<\/p>\n","protected":false},"author":16,"featured_media":2571,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[18,22,11],"tags":[],"class_list":["post-2563","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backend-development","category-devops","category-engineering"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Insights from Implementing SSO from Active Directory to AWS Cognito - Agilno<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Insights from Implementing SSO from Active Directory to AWS Cognito - Agilno\" \/>\n<meta property=\"og:description\" content=\"Our team recently took on the task of implementing Single Sign-On (SSO) from Active Directory to our client portal using\" \/>\n<meta property=\"og:url\" content=\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\" \/>\n<meta property=\"og:site_name\" 
content=\"Agilno\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-01T13:11:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-06T14:52:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marija\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marija\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\"},\"author\":{\"name\":\"Marija\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/#\/schema\/person\/974127270f2ed3dd1687a8077493d715\"},\"headline\":\"Insights from Implementing SSO from Active Directory to AWS 
Cognito\",\"datePublished\":\"2024-08-01T13:11:46+00:00\",\"dateModified\":\"2024-08-06T14:52:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\"},\"wordCount\":1735,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg\",\"articleSection\":[\"Backend Development\",\"DevOps\",\"Engineering\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\",\"url\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\",\"name\":\"Insights from Implementing SSO from Active Directory to AWS Cognito - 
Agilno\",\"isPartOf\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg\",\"datePublished\":\"2024-08-01T13:11:46+00:00\",\"dateModified\":\"2024-08-06T14:52:28+00:00\",\"author\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/#\/schema\/person\/974127270f2ed3dd1687a8077493d715\"},\"breadcrumb\":{\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage\",\"url\":\"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg\",\"contentUrl\":\"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg\",\"width\":2560,\"height\":1540},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/makeit.com.hr\/agilno\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Insights from Implementing SSO from Active Directory to AWS 
Cognito\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/#website\",\"url\":\"https:\/\/makeit.com.hr\/agilno\/\",\"name\":\"Agilno\",\"description\":\"We build experiences, products, and businesses that create results\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/makeit.com.hr\/agilno\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/makeit.com.hr\/agilno\/#\/schema\/person\/974127270f2ed3dd1687a8077493d715\",\"name\":\"Marija\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/cb138071e84e3a8e95a4b9e008f46076f9b525fc4df1cbaff6eb2c0d2b36cf80?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cb138071e84e3a8e95a4b9e008f46076f9b525fc4df1cbaff6eb2c0d2b36cf80?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cb138071e84e3a8e95a4b9e008f46076f9b525fc4df1cbaff6eb2c0d2b36cf80?s=96&d=mm&r=g\",\"caption\":\"Marija\"},\"url\":\"https:\/\/makeit.com.hr\/agilno\/author\/marija\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Insights from Implementing SSO from Active Directory to AWS Cognito - Agilno","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/","og_locale":"en_US","og_type":"article","og_title":"Insights from Implementing SSO from Active Directory to AWS Cognito - Agilno","og_description":"Our team recently took on the task of implementing Single Sign-On (SSO) from Active Directory to our client portal using","og_url":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/","og_site_name":"Agilno","article_published_time":"2024-08-01T13:11:46+00:00","article_modified_time":"2024-08-06T14:52:28+00:00","og_image":[{"width":2560,"height":1540,"url":"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg","type":"image\/jpeg"}],"author":"Marija","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Marija","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#article","isPartOf":{"@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/"},"author":{"name":"Marija","@id":"https:\/\/makeit.com.hr\/agilno\/#\/schema\/person\/974127270f2ed3dd1687a8077493d715"},"headline":"Insights from Implementing SSO from Active Directory to AWS Cognito","datePublished":"2024-08-01T13:11:46+00:00","dateModified":"2024-08-06T14:52:28+00:00","mainEntityOfPage":{"@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/"},"wordCount":1735,"commentCount":0,"image":{"@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage"},"thumbnailUrl":"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg","articleSection":["Backend Development","DevOps","Engineering"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/","url":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/","name":"Insights from Implementing SSO from Active Directory to AWS Cognito - 
Agilno","isPartOf":{"@id":"https:\/\/makeit.com.hr\/agilno\/#website"},"primaryImageOfPage":{"@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage"},"image":{"@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage"},"thumbnailUrl":"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg","datePublished":"2024-08-01T13:11:46+00:00","dateModified":"2024-08-06T14:52:28+00:00","author":{"@id":"https:\/\/makeit.com.hr\/agilno\/#\/schema\/person\/974127270f2ed3dd1687a8077493d715"},"breadcrumb":{"@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#primaryimage","url":"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg","contentUrl":"https:\/\/makeit.com.hr\/agilno\/wp-content\/uploads\/2024\/08\/petar.jpg","width":2560,"height":1540},{"@type":"BreadcrumbList","@id":"https:\/\/makeit.com.hr\/agilno\/blog\/insights-from-implementing-sso-from-active-directory-to-aws-cognito\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/makeit.com.hr\/agilno\/"},{"@type":"ListItem","position":2,"name":"Insights from Implementing SSO from Active Directory to AWS Cognito"}]},{"@type":"WebSite","@id":"https:\/\/makeit.com.hr\/agilno\/#website","url":"https:\/\/makeit.com.hr\/agilno\/","name":"Agilno","description":"We build experiences, products, and businesses that create 
results","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/makeit.com.hr\/agilno\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/makeit.com.hr\/agilno\/#\/schema\/person\/974127270f2ed3dd1687a8077493d715","name":"Marija","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/cb138071e84e3a8e95a4b9e008f46076f9b525fc4df1cbaff6eb2c0d2b36cf80?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cb138071e84e3a8e95a4b9e008f46076f9b525fc4df1cbaff6eb2c0d2b36cf80?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cb138071e84e3a8e95a4b9e008f46076f9b525fc4df1cbaff6eb2c0d2b36cf80?s=96&d=mm&r=g","caption":"Marija"},"url":"https:\/\/makeit.com.hr\/agilno\/author\/marija\/"}]}},"_links":{"self":[{"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/posts\/2563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/comments?post=2563"}],"version-history":[{"count":4,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/posts\/2563\/revisions"}],"predecessor-version":[{"id":2576,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/posts\/2563\/revisions\/2576"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/media\/2571"}],"wp:attachment":[{"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/media?parent=2563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/categories
?post=2563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/makeit.com.hr\/agilno\/wp-json\/wp\/v2\/tags?post=2563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}