DNN OAuth Single Sign-On (SSO) Using AWS Cognito As OAuth Provider


The DNN OAuth Single Sign-On (SSO) module lets you enable OAuth Single Sign-On for your DotNetNuke site. With Single Sign-On, users need only one password to access your DotNetNuke site and services. Our module is compatible with all OAuth-compliant identity providers. This step-by-step guide configures Single Sign-On (SSO) between DNN and AWS Cognito, with AWS Cognito as the OAuth Provider. To know more about the other features we provide for DNN OAuth Single Sign-On (SSO), click here.

Pre-requisites: Download and Installation

  • Download the DNN OAuth Single Sign-On module using the link above.
  • Extract the package and upload the extension dnn-oauth-single-sign-on_xxx_Install by going to Settings > Extension > Install Extension.

1. Adding Module on DNN page

  • Open any page on your DNN site (Edit mode) and click on Add Module.
  • Search for oauthclientsso and click on the oauthclientsso. Drag and drop the module on the page where you want.
  • You have finished installing the module on your DNN site.
  • If you want to add the module to every page of your DNN site, go to Module Settings >> Module Settings >> Advanced Settings.
  • Check the box for Display Module on All Pages and click on Update.
  • Under oauthclientsso settings tab, select AWS Cognito as identity provider (IDP).
  • Copy the Redirect/Callback URL and provide the same to your OAuth Provider.
  • Refer to the table below to configure the scope and endpoints for AWS Cognito in the plugin.
    Scopes: openid
    Authorize Endpoint: https://<cognito-app-domain>/oauth2/authorize
    Access Token Endpoint: https://<cognito-app-domain>/oauth2/token
    Get User Info Endpoint: https://<cognito-app-domain>/oauth2/userInfo
    Custom redirect URL after logout [optional]: https://<cognito-app-domain>/logout?client_id=<Client-ID>&logout_uri=<Sign out URL configured in Cognito Portal>

2. Configure AWS Cognito as OAuth Provider

  • First, go to the Amazon Console and sign up or log in to your account to configure AWS Cognito.

  • Search for Cognito in the AWS Services search bar as shown below.

  • Click on Create a user pool to create a new user pool.

  • Choose the attributes in your user pool to be used during the sign-in process

  • Set up a strong password policy to configure your security requirements. Choose the ‘No MFA’ option if you want users to sign in with only a single authentication factor. Enabling MFA (multi-factor authentication) requires SMS messages, which are charged separately by Amazon SNS. Learn more about that here. Click Next.

  • Configure attributes that would be required during the user sign-up flow.

  • Choose additional attributes if you wish to. Click Next.

  • Configure how your user pool sends email messages to users.

  • Enter a name for your user pool. Under Hosted authentication pages, check ‘Use the Cognito Hosted UI’.

  • Under the Domain section, choose the domain type ‘Use a Cognito domain’. Enter a domain name for your Cognito app.

  • Under the Initial app client section, enter a name for your app client and check Generate a client secret.

  • Copy the Callback/Redirect URL from the miniOrange plugin on your client side and paste it into the Allowed callback URLs text field. Also refer to the following image to choose the authentication flows for your app.

  • Under Advanced app client settings, select Cognito user pool as the Identity provider, select Authorization code grant under the OAuth 2.0 grant types, and select the openid, email and profile checkboxes under the OpenID Connect scopes section (please refer to the image below). Click on the Next button to save your configuration.

  • Review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.

  • After successfully creating your user pool, select your pool name from the list of pools to start creating users.

  • Go to the Users tab, and click Create user.

  • Enter details such as username, email address & password. Click on Create user to save the details.

  • After the user is created, you will need the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. Enter it in the endpoint fields of the miniOrange OAuth Single Sign-On (SSO) plugin.

  • To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.


You have successfully configured AWS Cognito as OAuth Provider for achieving AWS Cognito Single Sign-On (SSO) with WordPress for user authentication.
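
To make the configured values concrete, the following added example (not the miniOrange module's code) walks the Authorization code grant against the Authorize and Access Token endpoints listed in step 1: it builds the authorize URL, accepts the callback only when `state` matches, and builds the token request with the client secret in an HTTP Basic header. The domain, client ID, client secret and redirect URL are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values; substitute the ones from your own user pool.
DOMAIN = "example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"
REDIRECT_URI = "https://dnn.example.com/callback"  # hypothetical; use the URL copied from the module

def new_state():
    """Unpredictable per-login value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)

def authorize_url(state, scope="openid"):
    """Step 1: URL the browser is sent to on the Authorize Endpoint."""
    query = urlencode({
        "response_type": "code",       # Authorization code grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must be one of the Allowed callback URLs
        "scope": scope,
        "state": state,
    })
    return f"https://{DOMAIN}/oauth2/authorize?{query}"

def read_callback(callback_url, expected_state):
    """Step 2: return the code only if no error is reported and state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"provider returned error: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def token_request(code):
    """Step 3: the POST for the Access Token Endpoint (built here, not sent)."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",  # secret is sent server-to-server only
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI})
    return f"https://{DOMAIN}/oauth2/token", headers, body
```

The access token returned by that POST is what is then presented as a Bearer token to the Get User Info Endpoint.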

3. Test Configuration

  • After saving settings, you can see the list of applications you have configured.
  • Click on Edit to update the configuration.
  • Click on Test Configuration to check if the configuration is correct.
  • If the configuration is correct, the Test Configuration window shows the Attribute Names and Attribute Values.

4. Attribute Mapping

  • Go to the oauthclientsso settings >> Advanced Settings >> Attribute Mapping.
  • Map email and username to the Attribute Names shown in the Test Configuration window.

5. Adding widget

  • For adding the widget go to Add Widget.
  • Click on Add Widget button. A button will be added on the DNN page.

You can configure the ASP.NET SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.

Need Help?

Not able to find your identity provider? Mail us at dnnsupport@xecurify.com and we'll help you set up SSO with your IDP. For quick guidance (via email/meeting) on your requirement, our team will help you select the most suitable solution/plan.

