Set Up Okta Identity Provider in an Amazon Cognito User Pool

[schmelz21]

💡 Summary

Our project aims to integrate Okta as an OpenID Connect (OIDC) identity provider (IdP) within an Amazon Cognito user pool. This integration will allow users in our Okta app to obtain user pool tokens from Amazon Cognito.

Motivation and context

Allows for .gov cross-service account management.

Implementation notes

• Set up a user pool with the necessary configurations.
• Ensure that the standard attribute “email” is selected during creation.
• Create an app client within the user pool to enable the hosted web UI.
• Okta: Select OpenID Connect and Web Application.
• Configure the app settings, including the Sign-in redirect URIs
• Add Okta as an OIDC IdP in Your User Pool:
• Map SAML Attributes to User Pool Attributes

Acceptance criteria

• [ ] Configure testing in Staging envirionment
• [ ] Update Playwright test if necessary
• [ ] Deploy production on successful test

[nickviola]

@schmelz21 Can we confirm the User Experience of the login to with Okta? Should it automatically redirect to Okta login or should there be a button or link on Crossfeed original login page? If so, can we clarify what the link or button text will be?