AWS Cognito SAML Single Sign-On (SSO) | AWS SSO Login with WordPress
AWS Cognito SAML Single Sign-On (SSO) | AWS SSO Login with WordPress
AWS Cognito
AWS Cognito SSO - Login using WordPress Users (WP as SAML IDP) Plugin enables Single Sign-On (SSO) login into AWS using WordPress Login credentials. In this guide, we will set up SAML Single Sign-On (SSO) with WordPress in AWS Cognito by configuring AWS Cognito as SP (Service Provider) and WordPress as IdP (Identity Provider).
Pre-requisites: Download And Installation
To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange Login using WordPress Users (WP as SAML IDP) plugin:
By miniOrange
Single Sign-On (SSO) login with WordPress Users into any Service Provider like Tableau, Zoho, Zoom, Moodle, Canvas LMS, Absorb LMS, TalentLMS, etc.
Guide to set up AWS Cognito SSO Login with WordPress:
1. Configure AWS Cognito as the Service Provider (SP)
- Go to the WordPress IDP plugin, navigate to the IDP Metadata tab.
- Here, you can find here the Identity Provider Metadata URL /XML Metadata or endpoints like IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature), Certificate for SP configuration.
Create a user pool if not created already.
- Go to the Amazon Cognito console. You might be prompted for your AWS credentials.
- Choose an existing user pool from the list, or Create a User Pool.
Configure SAML Identity Provider in your user pool.
- Go to your User Pool.
- Navigate to the Sign-In Experience tab.
- Scroll down to the Federated identity provider sign-in section.
- Click on Add identity provider (if not already created).
- Choose SAML as Identity Provider.
- Enter a name for your Identity provider.
- Choose your desired method to Upload IDP Metadata.
- Click on the Add Identity provider.
Change App client settings for your user pool.
- In the User Pool, under App integration.
- Go to your configured App Client, and scroll down to the Hosted UI section.
- Click on Edit.
- On the Hosted UI edit page, do the following : For Callback URL(s), enter a URL where you want your users to be redirected after they log in. For testing, you can enter any valid URL, such as https://www.example.com/. Under Identity providers, select the Name provided while configuring Identity Provider in the previous step and Cognito User Pool from the dropdown. Under OAuth 2.0 grant types, select Authorization code grant and Implicit grant from the dropdown.
- Click on Save Changes.
You have successfully configured AWS Cognito as Service Provider.
2. Configure WordPress (WP) as IdP (Identity Provider)
- You would need following credentials from Amazon Cognito.
- You can find your User Pool ID in the top section of User Pool.
- You can find your Cognito Domain in the App Integration tab of your User Pool.
| Entity ID | e.g. urn:amazon:cognito:sp:yourUserPoolID |
| ACS URL | e.g. https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse. |
Instructions:
- Open the WordPress site.
- Go to the WordPress IDP plugin, navigate to the Service Provider tab.
- Enter the values corresponding to the information from Amazon Cognito. Refer to the table below.
- Click on the Save button to save your configuration.
| Service Provider Name | Name of your Service Provider. |
| SP Entity ID or Issuer | Copy and paste the SP-EntityID from Amazon Cognito. |
| ACS URL | Copy and paste the ACS URL from Amazon Cognito. |
| NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Assertion Signed | Checked |
3. Attribute Mapping (This is a premium feature)
In WordPress:
- In the WordPress IDP plugin, navigate to the Attribute/Role Mapping tab.
- In the User Attributes section, enter the following information and click on Save .
- You can also add more attributes by clicking on + sign to add attributes.
- In the Custom Attributes section, enter the following information and click Save .
| Name | User Meta Data |
| FirstName | first_name |
| LastName | last_name |
| user_email |
| Name | Custom Attribute Value |
| Custom | customvalue |
4. Testing SSO
- In the User Pool, under App integration.
- Go to your configured App Client, and scroll down to the Hosted UI section.
- Click on View Hosted UI.
- Click on the Button below Sign in with your corporate ID
- You would be redirected to the WordPress Login screen. Enter the Credentials and click Log in.
- If you were able to redirect to the selected Callback URL, then your configuration is correct.
In this Guide, you have successfully integrated AWS Cognito SAML Single Sign-On (SSO) with the plugin - Login using WordPress Users ( WP as SAML IDP ). Configuring AWS Cognito as SP and WordPress as IDP. This solution ensures that you are ready to roll out secure Single Sign-On (SSO) access with SAML 2.0 Authentication into AWS Cognito SSO using WordPress login credentials.
Additional Resources
Why Our Customers choose miniOrange WordPress Single Sign-On (SSO) Solutions?
24/7 Support
miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.
Sign UpExtensive Setup Guides
Easy and precise step-by-step instructions and videos to help you configure within minutes.
Watch DemoWe offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at
+1 978 658 9387 (US) | +91 97178 45846 (India) wpidpsupport@xecurify.com
Need Help? We are right here!
