Search Results :


AWS Cognito Single Sign On (SSO) Integration using Drupal as IDP

AWS Cognito Single Sign On (SSO) Integration using Drupal as IDP

Drupal can be set as a centralized identity provider or an authentication source for the users across other applications via Single Sign-On (SSO). This document will walk you through the steps of integrating Drupal as SAML 2.0 IdP and AWS Cognito as Service Provider (SP) using the miniOrange SAML IDP module. This will allow you to manage users and their permissions in a place and at the same time the users can access multiple applications with single credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Installation Steps 

  • Download the module:
    composer require 'drupal/miniorange_saml_idp'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange SAML Identity Provider using the search box.
  • Enable the module by checking the checkbox and click on install button.
  • Configure the module at
  • Install the module:
    drush en miniorange_saml_idp
  • Clear the cache:
     drush cr
  • Configure the module at
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the Drupal SAML IDP 2.0 Single Sign On (SSO) - SAML Identity Provider module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on install button.
  • Configure the module at

Download Drupal SAML IdP Metadata:

  • Once the module is installed, navigate to the Configuration tab from the top navigation bar and click on the miniOrange SAML IDP Configuration.
  • Configuration-Drupal-Click-on-miniOrange-SAML-IDP-Configuration
  • In the IDP Metadata tab, click on the Download Metadata button to download the IdP metadata. Keep it handy. (This is used later to setup SAML interaction with Service Provider)
  • Drupal-Single-Sign-On-Click-on-Download-Metadata-button

Configure AWS Cognito as Service Provider:

  • Login to the AWS console.
  • Under the search bar search for Cognito and click on it.
  • AWS-Cognito-SAML-SP-Search-for-Cognito
  • Click on the Create user pool button.
  • AWS Cognito as SP and Drupal as IDP, Manage User Pools
  • In Configure sign-in experience select the following configurations :
    • Enable the checkbox Federated identity providers.
    • From the Cognito user pool sign-in options enable the checkbox of the attributes using which the users should be allowed to login.
    • Choose SAML under the Federated Sign-in options.
  • AWS-Cognito-SAML-SP-Select-SAML-Federated-Identity-Provider
  • Click on the Next button.
  • In Configure security requirements, choose password policy mode, Multi-factor authentication (MFA) requirements, user account recovery options click on the Next button.
  • AWS-Cognito-SAML-SP-Configure-MFA
  • Select the suitable options from the Configure sign-up experience as per the requirements and click on the Next button.
  • AWS-Cognito-SAML-SP-Configure-Sign-in-Experience
  • Choose Send email with Cognito as the Email Provider and click Next.
  • AWS-Cognito-SAML-SP-Select-Message-Delivery-Option
  • Enter the User pool name. Select Other from Initial app client. Enter the App client name and then click on the Next button.
  • AWS-Cognito-SAML-SP-Enter-UserPool
  • Verify the required information, scroll down and click on the Create user pool button.
  • Now search for the created user pool and click on it.
  • AWS-Cognito-SAML-SP-Select-Created-UserPool
  • Navigate to the Sign-in experience tab.
  • AWS-Cognito-SAML-SP-Navigate-to-Sign-In-Experience
  • Click on Add identity provider button.
  • AWS-Cognito-SAML-SP-Click-Add-Identity-Providers
  • Select SAML.
  • AWS-Cognito-SAML-SP-Select-SAML
  • Enter the Provider name and upload the IdP metadata file that you downloaded from Drupal site in step 2.
  • AWS-Cognito-SAML-SP-Enter-Drupal-Metadata
  • Enter the SAML attribute in which the email of the user is received and click on the Add identity provider button.
  • AWS-Cognito-SAML-SP-Select-SAML-Attribute
  • Navigate to the App integration section.
  • AWS-Cognito-SAML-SP-Click-App-Integeration
  • Under the Actions dropdown click on Create Cognito domain.
  • AWS-Cognito-SAML-SP-Click-Create-Cognito-Domain
  • Enter the Cognito domain name as per your choice and click on Create Cognito domain button.
  • AWS-Cognito-SAML-SP-Enter-Custom-Domain-Name

Configuring Drupal as Identity Provider:

  • Navigate to the Drupal site and switch to the Service Provider Setup tab of the module. Enter the Application name under the Service Provider Name text field. For example, AWS.
  • Enter the ACS URL. The ACS URL under Service Provider Setup tab in this format:

    https://Your user pool domain/saml2/idpresponse

  • Drupal-Single-Sign-On-Paste-the-SP-ACS-URL
  • In AWS Cognito -> User pools -> Application name (which you have created on AWS) -> under User pool overview and then get your User pool ID. Keep it handy. Usually, the Entity Id is in the format:


  • AWS-Cognito-SAML-SP-Copy-UserPool-ID
  • In Drupal's Service Provider Setup tab, paste the previously copied Entity Id into the SP Entity ID or Issuer text field.
  • AWS-Cognito-SAML-SP-Copy-UserPool-ID
  • Scroll down and click on the Save Configuration button.

You have successfully configured the SAML SSO between AWS Cognito as SAML SP and Drupal as SAML IDP.

Note: The AWS Cognito does not support IDP initiated SSO. To test the connection you can perform SSO from AWS application.

Additional Features:

Explore the advanced features offered by the module with full-featured trial. You can initiate the trial request using Request 7-day trial button of the module or reach out to us at for one-on-one assistance from Drupal expert.

 Case Studies
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using this link.
 Other Solutions
Feel free to explore other Drupal solutions that we offer here. The popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security. 
  24*7 Active Support
The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.
Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to