Amazon Cognito user pools - Amazon Cognito
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Cognito user pools

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through a Software Development Kit (SDK).

User pools provide:

  • Sign-up and sign-in services.

  • A built-in, customizable web UI to sign in users.

  • Social sign-in with Facebook, Google, Login with Amazon, and Sign in with Apple, as well as sign-in with SAML identity providers from your user pool.

  • User directory management and user profiles.

  • Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.

  • Customized workflows and user migration through Amazon Lambda triggers.

After successfully authenticating a user, Amazon Cognito issues JSON web tokens (JWT) that you can use to secure and authorize access to your own APIs, or exchange for Amazon credentials.

Authentication overview

Amazon Cognito provides token handling through the Amazon Cognito user pools Identity SDKs for JavaScript, Android, and iOS. See Getting started with user pools and Using tokens with user pools.

The two main components of Amazon Cognito are user pools and identity pools. Identity pools provide Amazon credentials to grant your users access to other Amazon services. To enable users in your user pool to access Amazon resources, you can configure an identity pool to exchange user pool tokens for Amazon credentials. For more information see Accessing Amazon services using an identity pool after sign-in and Getting started with Amazon Cognito identity pools (federated identities).

Topics