BridgeLink plugin

Cognito SSO

Single sign-on for BridgeLink through Amazon Cognito.

Why it matters

One set of credentials, everywhere.

Managing separate user accounts across multiple BridgeLink environments is a maintenance challenge and a security risk. The Cognito SSO plugin authenticates your users against an Amazon Cognito user pool, so the same credentials work across every instance and user management lives in one identity provider. That reduces overhead and strengthens your security posture, with an optional local fallback so you are never locked out.

Capabilities

What it does.

Cognito authentication

Authenticate BridgeLink users against credentials stored in an Amazon Cognito user pool.

Centralized identity

Use the same credentials across multiple BridgeLink instances, centralizing user management in one identity provider.

Local fallback

Optionally fall back to local authentication when Cognito is unavailable, so you are never locked out.

How it works

Get started in minutes.

  1. Create a Cognito user pool

     Set up an Amazon Cognito user pool in the AWS Console with a public app client, and note the User Pool ID and App Client ID.

  2. Grant BridgeLink access

     Use a role-based EC2 permission so BridgeLink can reach Cognito, rather than storing AWS keys directly.

  3. Configure the plugin

     In Settings > Cognito, enable it and enter your User Pool ID, App Client ID, and AWS region.

  4. Test and go live

     Run Test Connection to validate your settings, then your users sign in with their Cognito credentials.

Requirements

What you'll need.

  • An AWS account with an Amazon Cognito user pool
  • A public app client on the user pool (no client secret)
  • Role-based access for BridgeLink to reach Cognito, recommended over stored AWS keys
  • Pre-installed on the AWS Marketplace 'Advanced with SSL' editions, or installed manually

FAQ

Frequently asked questions.

What happens if Cognito is unavailable?

Enable 'Fallback to Local' so users can sign in with local BridgeLink credentials when Cognito authentication fails.

Do I need to store AWS keys in BridgeLink?

No. Role-based EC2 permissions are recommended so BridgeLink can reach Cognito without storing an AWS Access ID and Key.

Can I use the same logins across multiple instances?

Yes. Because users authenticate against a shared Cognito user pool, the same credentials work across all of your BridgeLink instances.

How do I confirm my settings are correct?

Use the built-in Test Connection button to validate your Cognito configuration before users sign in.

Is it already installed?

It is pre-installed on the AWS Marketplace 'Advanced with SSL' and 'Advanced with SSL Autoscaling' editions, and can be installed manually on others from the Extensions screen.

Availability

Pre-installed on the AWS Marketplace 'Advanced with SSL' and 'Advanced with SSL Autoscaling' editions. Can be installed manually on other editions.

Add Cognito SSO to BridgeLink.

Talk to us about your deployment, or read the full user guide to get started.