Tovuti supports several single sign-on (SSO) providers. This article outlines the steps to set up AWS Cognito and covers the following concepts:
- Set AWS as SSO Provider in Tovuti
- Configure AWS Cognito as Identity Provider (IDP)
- Create a Domain Name in AWS
- Finish Configuring Tovuti as a Service Provider (SP)
- User Profile Field and Attribute Mapping
- User Group Mapping
- Enable Login Link
Set AWS as SSO Provider in Tovuti
Go to Configuration > click Single Sign-On > click New
On the Details tab, give this provider a Title. It is suggested that the title contain a reference to AWS for easy selection in the future.
Toggle OAuth2 in SSO Type > Select ADFS in “OAuth2 Application.”
Configure AWS Cognito as Identity Provider (IDP)
Log into AWS Admin Console > go to Cognito > select Manage User Pools
Click on "Create a User Pool." Give this user pool a Name.
Click "Add App Client" and give this app client a name. Click "Create app client."
Click "Return to pool details."
Click "Create Pool" > go to App Integration > click App client settings > select "Enabled Identity Providers" > select "Cognito User Pool."
Copy the Callback URL from the "Service Provider Settings" tab in Tovuti and paste it into the Callback URL field.
Click Save changes.
Create a Domain Name in AWS
Go to App Integration > click Domain name. Enter a Domain name.
For more information directly from AWS on this process, see the AWS Cognito documentation.
Additionally, see the AWS documentation for adding a domain name.
Finish Configuring Tovuti as a Service Provider (SP)
Go to General Settings > click App Clients > click Show Details
Copy and paste the following 3 items from this window into the Identity Provider Settings tab in Tovuti.
- App Name
- App Client ID
- App Client Secret
Copy the Domain name and paste it into the AWS Cognito App Domain Field.
Click Update.
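The values exchanged in the steps above (the Cognito App domain, the App Client ID, and the Callback URL registered on the app client) are exactly what the service provider needs to start an OAuth2 authorization request. The following added example, which is not Tovuti or AWS code, shows how those values fit together and checks the most common cause of a failed test: a callback URL that does not exactly match the one registered on the app client. The Cognito hosted-UI domain format and the /oauth2/authorize endpoint are real; the domain prefix, region, client ID, callback URL and scopes are constructed placeholders.

```python
"""Added example (not Tovuti's or AWS's own code): build the OAuth2
authorization request a service provider sends to a Cognito user pool,
with PKCE and a state value, after checking the callback URL is registered.
Placeholder values: domain prefix, region, client ID, callback URL, scopes."""
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse


def cognito_domain(prefix, region):
    # Hosted UI domain created under App Integration > Domain name.
    return f"https://{prefix}.auth.{region}.amazoncognito.com"


def pkce_pair():
    # RFC 7636: the verifier is random; the challenge is
    # BASE64URL(SHA256(verifier)) with the padding removed.
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def callback_is_registered(callback, registered):
    # Cognito compares callback URLs exactly (scheme, host, path and any
    # trailing slash) and requires https except for localhost. Mirroring that
    # check here surfaces a mismatch before the user sees an error page.
    parsed = urlparse(callback)
    if parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1"):
        return False
    return callback in registered


def build_authorize_url(domain, client_id, callback, registered, scopes, state, code_challenge):
    if not callback_is_registered(callback, registered):
        raise ValueError(f"callback URL {callback!r} is not registered on the app client")
    params = {
        "response_type": "code",          # authorization code flow
        "client_id": client_id,
        "redirect_uri": callback,
        "scope": " ".join(scopes),
        "state": state,                   # bound to the browser session; checked on return
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{domain}/oauth2/authorize?{urlencode(params)}"


if __name__ == "__main__":
    # Constructed placeholder values standing in for the real Tovuti/Cognito settings.
    domain = cognito_domain("example-lms", "us-east-1")
    registered = ["https://lms.example.com/sso/callback"]
    verifier, challenge = pkce_pair()
    url = build_authorize_url(domain, "placeholder-client-id",
                              "https://lms.example.com/sso/callback", registered,
                              ["openid", "email", "profile"],
                              secrets.token_urlsafe(16), challenge)
    print(url)
```

The `state` and PKCE values are generated per login attempt and must be kept server-side (or in the session) until the user returns to the callback URL, where they are compared against what Cognito sends back.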
User Profile Field and Attribute Mapping
After configuring all the settings in AWS, click the "User Profile Field Mapping" tab in Tovuti.
Enable the desired settings and provide the attributes found in AWS. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs the profile field and attribute information between Tovuti and AWS. The details of the User Profile Field Mapping tab are covered in this Help Center article.
While auto-registering the users on the Tovuti site, these attributes automatically map to Tovuti user details.
User Group Mapping
Click the User Group Mapping tab.
Enable the desired settings and provide the attributes found in AWS. Create profile fields by clicking the "+" icon.
Configuring the settings in this tab syncs group information between Tovuti and AWS. The details of the User Group Mapping tab are covered in this Help Center article.
While auto-registering, the users are assigned roles based on the group they are mapped to.
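The two mapping tabs described above translate Cognito user attributes into Tovuti profile fields and Cognito groups into Tovuti roles at auto-registration time. The following added example, which is not Tovuti's own code, shows that translation applied to the claims of a Cognito ID token, including the cases an administrator should expect: an attribute missing from the pool, a group that has no mapping (which receives no role), and an unverified e-mail address. The Cognito standard attribute names (email, given_name, family_name), the email_verified claim and the cognito:groups claim are real; the Tovuti field names, role names and the token claims are constructed for this example.

```python
"""Added example (not Tovuti's own code): apply profile-field and group-to-role
mappings to Cognito ID-token claims. Field and role names are assumptions; the
claims below are constructed sample data and are assumed to come from a token
whose signature, issuer, audience and expiry were already verified."""

# Constructed sample claims as a Cognito ID token would carry them.
CONSTRUCTED_CLAIMS = {
    "sub": "11111111-2222-3333-4444-555555555555",  # constructed, not a real user
    "email": "jdoe@example.com",
    "email_verified": True,
    "given_name": "Jane",
    "family_name": "Doe",
    "cognito:groups": ["learners", "content-authors", "billing-admins"],
}

# User Profile Field Mapping: Tovuti profile field (assumed name) -> Cognito attribute.
PROFILE_FIELD_MAP = {
    "username": "sub",
    "email": "email",
    "first_name": "given_name",
    "last_name": "family_name",
}

# User Group Mapping: Cognito group -> Tovuti role (assumed names).
# A group that is not listed here deliberately maps to nothing.
GROUP_ROLE_MAP = {
    "learners": "Learner",
    "content-authors": "Course Creator",
}
DEFAULT_ROLE = "Learner"  # assigned only when no mapped group is present


def map_profile(claims, field_map=PROFILE_FIELD_MAP):
    # Returns the populated profile and the list of attributes that were
    # enabled in the mapping but absent or empty in the token.
    profile, missing = {}, []
    for field, attr in field_map.items():
        value = claims.get(attr)
        if value in ("", None):
            missing.append(attr)
        else:
            profile[field] = value
    return profile, missing


def map_roles(claims, group_map=GROUP_ROLE_MAP, default_role=DEFAULT_ROLE):
    # Only explicitly mapped groups confer a role; unmapped groups are reported
    # so they can be reviewed rather than silently granting access.
    groups = claims.get("cognito:groups", [])
    roles = sorted({group_map[g] for g in groups if g in group_map})
    unmapped = sorted(g for g in groups if g not in group_map)
    return (roles or [default_role]), unmapped


def provision_user(claims):
    # Refuse to auto-register on an unverified address: the e-mail attribute
    # becomes the account identity in the mapped profile.
    if claims.get("email_verified") is not True:
        raise ValueError("email_verified is not true; refusing auto-registration")
    profile, missing = map_profile(claims)
    roles, unmapped = map_roles(claims)
    return {
        "profile": profile,
        "roles": roles,
        "missing_attributes": missing,
        "unmapped_groups": unmapped,
    }


if __name__ == "__main__":
    print(provision_user(CONSTRUCTED_CLAIMS))
```

When testing from the Identity Provider Settings tab, the `missing_attributes` and `unmapped_groups` lists are the things to look at: an attribute that is enabled in the mapping tab but never arrives means the pool does not expose it to the app client, and a group with no mapping should be added deliberately rather than left to fall through to a default.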
At any time, the configuration can be tested in the Identity Provider Settings tab.
It is recommended to run multiple tests over time to ensure everything is working properly.
Enable Login Link
Go to Details Tab > toggle Yes on Add Login Link to Navigation > select the menu where this link will appear and give the link a name
Click Save.