Configure secure Single Sign-On (SSO) login into Odoo with AWS Cognito using our Odoo OAuth Single Sign-On (SSO) module.
The Odoo OAuth SSO plugin allows users to use their AWS Cognito credentials for a seamless Odoo AWS Cognito Login via Single Sign-On.
Facilitating AWS Cognito SSO enables users to authenticate against their AWS Cognito credentials and securely access your Odoo site.
This step-by-step setup guide will help you configure AWS Cognito as Identity Provider (IDP) and Odoo as Service Provider (SP) to achieve AWS Cognito Odoo SSO.
Prerequisites: Download and Installation
- An Odoo installation on your environment.
- Installed miniOrange OAuth SSO module for Odoo.
Steps to configure AWS Cognito Single Sign-On (SSO) Login into Odoo
1. Setup Amazon Cognito as OAuth Provider
- First, go to the Amazon Console and sign up or log in to your account to configure AWS Cognito.
- Search for Cognito in the AWS Services search bar.
- Click on Create a user pool to create a new user pool.
- Choose the attributes in your user pool to be used during the sign-in process.
- Set up a strong password to configure your security requirements. Go ahead with the ‘No MFA’ option if you want users to only sign in with a single authentication factor. If you wish to enable MFA (multi-factor authentication), it will require SMS messages, which are charged separately by Amazon SNS. Click Next.
- Configure attributes that would be required during the user sign-up flow.
- Choose additional attributes if you wish, and click Next.
- Configure how your user pool sends email messages to users.
- Enter a name for your user pool. Also, under Hosted authentication pages, check ‘Use the Cognito Hosted UI’.
- Under the Domain section, choose the domain type ‘Use a Cognito domain’. Enter a domain name for your Cognito app.
- Under the Initial app client section, enter a name for your app client and check Generate a client secret.
- Enter your Callback/Redirect URL, which you will get from the miniOrange plugin on your client side, and paste it into the Allowed callback URLs text field.
- Under Advanced app client settings, select Cognito user pool as the Identity provider, select Authorization code grant under the OAuth 2.0 grant types, and select the openid, email and profile checkboxes under the OpenID Connect scopes section. Click the Next button to save your configuration.
- Review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.
- After successfully creating your user pool, select your pool name from the list of pools to start with user creation.
- Go to the Users tab, and click Create user.
- Enter details such as username, email address & password. Click on Create user to save the details.
- After the successful creation of the user, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. This should be entered into the endpoints field in the miniOrange OAuth Single Sign-On (SSO) plugin.
- To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.
- You have successfully configured AWS Cognito as OAuth Provider for achieving AWS Cognito Single Sign-On (SSO) with Odoo for user authentication.
2. Configure the Odoo Application as OAuth Client
- Navigate to Odoo Homepage and Click on the menu button.
- Click on miniOrange OAuth 2.0.
- Click on Create button to configure your Identity Provider (IDP).
- In General Configuration, fill in the name of the Identity Provider (e.g., AWS Cognito). You will also need to fill in the following fields, which you will get from your IdP.
| Field | Value |
|---|---|
| Client ID: | as provided by AWS Cognito |
| Client Secret: | as provided by AWS Cognito |
| Scope: | openid |
| Authorize Endpoint: | https://<cognito-app-domain>/oauth2/authorize |
| Access Token Endpoint: | https://<cognito-app-domain>/oauth2/token |
| Get User Info Endpoint: | https://<cognito-app-domain>/oauth2/userinfo |
- In the Attribute Mapping section, you can map the attributes from your IdP to users on the Odoo ERP system as desired.
In the Mapping section, you can map the groups from IdP to your Odoo system. After filling in the required fields, you can click on the save button.
- We are done with setting up SSO using miniOrange OAuth SSO module for Odoo.
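The authorization code flow that the settings above enable can be traced offline. The following Python sketch is an added example, not code from the miniOrange module: it derives the three endpoints from the Cognito domain, builds the authorize request with a `state` value, checks `state` on the callback, and assembles the token exchange that uses the client secret. The domain, client ID, secret and redirect URL are constructed placeholders, and the function names are hypothetical.

```python
import base64, hmac, re, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hosted UI domain shape from step 1: {your domain name}.auth.{region name}.amazoncognito.com
COGNITO_DOMAIN = re.compile(r"[a-z0-9-]+\.auth\.[a-z0-9-]+\.amazoncognito\.com")

def cognito_endpoints(domain):
    """Derive the three endpoint URLs entered in the module from the Cognito domain."""
    if not COGNITO_DOMAIN.fullmatch(domain):
        raise ValueError(f"not a Cognito hosted UI domain: {domain!r}")
    base = f"https://{domain}/oauth2"
    return {name: f"{base}/{name}" for name in ("authorize", "token", "userinfo")}

def build_authorize_url(domain, client_id, redirect_uri, scopes=("openid", "email", "profile")):
    """Return (url, state); the caller stores state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, binds the callback to this login
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": " ".join(scopes),
                       "state": state})
    return f"{cognito_endpoints(domain)['authorize']}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code only if state matches the stored value."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in params or "code" not in params:
        raise ValueError("authorization failed: " + params.get("error", ["no code"])[0])
    return params["code"][0]

def build_token_request(domain, client_id, client_secret, code, redirect_uri):
    """Return (url, headers, body) for the code exchange; nothing is sent here."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": client_id})
    return cognito_endpoints(domain)["token"], headers, body

if __name__ == "__main__":
    # Constructed sample values; none come from a real user pool.
    domain = "example-pool.auth.us-east-1.amazoncognito.com"
    redirect = "https://odoo.example.com/sso-callback-placeholder"
    url, state = build_authorize_url(domain, "EXAMPLE_CLIENT_ID", redirect)
    code = code_from_callback(f"{redirect}?code=SAMPLE_CODE&state={state}", state)
    print(build_token_request(domain, "EXAMPLE_CLIENT_ID", "EXAMPLE_SECRET", code, redirect))
```

The `redirect_uri` sent in both requests must match an entry under Allowed callback URLs exactly, and the client secret appears only in the server-side token request, never in the browser redirect.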
3. Test the configuration by following these steps
- Go to the Odoo login page. You will see an extra button with the same name as configured in the module.
- Click on the button and you will be directed to your IdP login page. Enter your IdP credentials and click Login. After successful authentication, you will be logged into Odoo.
In this Guide, you have successfully configured the miniOrange OAuth SSO module for Odoo to Login using AWS Cognito credentials. Now your users can log in to Odoo using your Cognito IdP credentials.
Need Help?
Mail us at odoosupport@xecurify.com for quick guidance (via email/meeting) on your requirement, and our team will help you select the most suitable solution/plan for it.