How to integrate with KOR through SSO?

KOR Client Integration Guide for AWS Cognito

Welcome to the KOR integration guide for clients who wish to integrate their user base with KOR's Cognito instance on AWS. This guide provides an overview of what AWS Cognito supports and what information we require from you to configure the integration.

Overview of AWS Cognito and SSO Integration

AWS Cognito allows you to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Cognito, you can authenticate users through various identity providers, including social identity providers (such as Facebook, Google, and Amazon), enterprise identity providers via SAML 2.0, and your own identity provider.

Supported Identity Providers

AWS Cognito supports a wide range of identity providers for Single Sign-On (SSO) integration. These include:

  1. SAML 2.0 Identity Providers: Allows federated authentication for users from enterprise identity providers such as Active Directory Federation Services (ADFS) and other SAML-compatible IdPs.
  2. OIDC (OpenID Connect) Providers: Supports integration with various OIDC providers like Okta, Google, Microsoft Azure AD, and other custom OIDC IdPs.
  3. Social Identity Providers: Supports Google, Facebook, and Amazon.
  4. Federated Identity Providers: Via SAML or OIDC.

Client-Specific Considerations

While integrating with AWS Cognito, please be aware that there might be API request throttling depending on usage. This throttling is designed to maintain service quality and ensure fair usage across all clients.

Information Required from Clients

To configure the integration, we require the following information from you:

  1. Identity Provider Metadata: For SAML integrations, provide the XML metadata file or the metadata URL of your Identity Provider (IdP).
  2. Client ID and Secret: For OIDC integrations, provide the Client ID and Client Secret from your Identity Provider.
  3. SAML Attributes: Any specific attributes that need to be mapped from the IdP to Cognito attributes.
    1. Username (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameID)
    2. Email (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)
    3. Family_name (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname)
    4. Given_name (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname)
    5. Phone_number (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilenum)
    6. Title (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/title)
  4. OIDC Scopes: Specify the OIDC scopes required for the integration.
  5. OIDC Endpoints: Either auto-filled through the issuer URL, or entered manually for the authentication endpoint, token endpoint, user info endpoint, and JWKS URI.
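
A pre-submission check for items 4 and 5 above, as an added example that is not KOR's or AWS's own code: it validates an OIDC discovery document (the JSON an IdP serves under its issuer URL at /.well-known/openid-configuration) for the four listed endpoints and the requested scopes. The function name, the idp.example.com issuer and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# The four endpoints the guide lists, by their standard OIDC discovery names
# (the guide's "authentication endpoint" is authorization_endpoint).
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint",
                      "userinfo_endpoint", "jwks_uri")

def check_discovery(issuer_url, discovery, requested_scopes):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    # OIDC Discovery requires the document's issuer to be identical to the
    # issuer URL it was fetched from; a trailing slash is a mismatch.
    if discovery.get("issuer") != issuer_url:
        problems.append("issuer mismatch: %r" % discovery.get("issuer"))
    for name in REQUIRED_ENDPOINTS:
        value = discovery.get(name)
        if not value:
            problems.append("missing " + name)
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append("%s is not an https URL: %s" % (name, value))
    # Every OIDC authentication request must carry the openid scope.
    if "openid" not in requested_scopes:
        problems.append("requested scopes must include 'openid'")
    # scopes_supported is optional; compare only when the IdP publishes it.
    supported = set(discovery.get("scopes_supported", []))
    for scope in requested_scopes:
        if supported and scope not in supported:
            problems.append("scope not advertised by IdP: " + scope)
    return problems

# Constructed sample: trailing slash on issuer, http userinfo, no jwks_uri.
SAMPLE_ISSUER = "https://idp.example.com/oauth2/default"
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com/oauth2/default/",
  "authorization_endpoint": "https://idp.example.com/oauth2/default/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/default/token",
  "userinfo_endpoint": "http://idp.example.com/oauth2/default/userinfo",
  "scopes_supported": ["openid", "email", "profile"]
}""")

if __name__ == "__main__":
    for p in check_discovery(SAMPLE_ISSUER, SAMPLE_DISCOVERY, ["openid", "email", "phone"]):
        print(p)
```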

Integration Steps

  1. Provide Information: Submit the required information mentioned above to our integration team.
  2. Configuration: Our team will configure AWS Cognito based on the provided details.
  3. Testing: We will conduct tests to ensure that the integration works seamlessly.
  4. Deployment: Once testing is complete, the integration will be deployed to the production environment.

Additional Resources

For further assistance, please contact KOR client success at support@korfinancial.com.

We look forward to helping you achieve a seamless SSO experience for your users.