...

  1. Open the Amazon Cognito console. If prompted, enter your AWS credentials

  2. In the upper left corner, choose “User pools”

  3. Choose your existing user pool 

  4. Choose “App integration”

  5. Choose “Create resource server”

  6. Resource server:

    1. Enter a resource server name

    2. Enter a resource server identifier of rs

  7. Custom scopes: Enter a scope name of “modelop_client”

  8. Choose “Create resource server”

...

  1. Open the Amazon Cognito console. If prompted, enter your AWS credentials

  2. In the upper left corner, choose “User pools”

  3. Choose your existing user pool

  4. Choose “App integration”

  5. Choose “Create app client”

  6. App client

    1. App type: “Confidential client”

    2. App client name: Enter “internal-client”

    3. Client secret: Choose “Generate a client secret”

    4. Authentication flows: Selected default values

    5. Refresh token expiration: Any

    6. Access token expiration: 480 minutes

    7. ID token expiration: 480 minutes

    8. Advanced security configurations: Select

      1. Enable token revocation

      2. Prevent user existence errors

  7. Hosted UI settings

    1. Allowed callback URLs: None

    2. Allowed sign-out URLs - optional: None

    3. Identity providers: Select “Cognito user pool”

    4. OAuth 2.0 Grant Types: Select “Client credentials”

    5. Custom scopes: Select rs/modelop_client (<resource-server-identifier>/modelop_client)

    6. Attribute read and write permissions: Selected default values

    7. Choose “Create app client”

...

  1. Open the Amazon Cognito console. If prompted, enter your AWS credentials

  2. In the upper left corner, choose “User pools”

  3. Choose your existing user pool

  4. Choose “App integration”

  5. Choose “Create app client”

  6. App client

    1. App type: “Public client”

    2. App client name: Enter “external-integration-client”

    3. Client secret: Choose “Don’t generate a client secret”

    4. Authentication flows: Selected default values

    5. Refresh token expiration: Any

    6. Access token expiration: 480 minutes

    7. ID token expiration: 480 minutes

    8. Advanced security configurations: Select

      1. Enable token revocation

      2. Prevent user existence errors

  7. Hosted UI settings

    1. Allowed callback URLs: Enter:

      1. https://<ModelOp-Center-Env>/jupyterOauth2ImplicitGrant.html

      2. https://<ModelOp-Center-Env>/modelOpWDC.html

      3. https://oauth.powerbi.com/views/oauthredirect.html

    2. Allowed sign-out URLs - optional: None

    3. Identity providers: Select “Cognito user pool”

    4. OAuth 2.0 Grant Types: Select “Implicit grant”

    5. OpenID Connect scopes: Select:

      1. OpenID

      2. Email

      3. Profile

    6. Custom scopes: None

    7. Attribute read and write permissions: Selected default values

    8. Choose “Create app client”
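To confirm that both app clients ended up with the settings listed in the steps above, the following added example (not part of the original page or of ModelOp's tooling) audits client descriptions for drift. It assumes each dict has the `UserPoolClient` shape returned by `aws cognito-idp describe-user-pool-client`; the two sample dicts are constructed.

```python
# Added example: audit Cognito app clients against the settings in the steps above.
# Assumption: dicts follow the UserPoolClient shape of describe-user-pool-client.
SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
EXPECTED = {
    "internal-client": {"flows": ["client_credentials"],
                        "scopes": ["rs/modelop_client"], "secret": True},
    "external-integration-client": {"flows": ["implicit"],
                                    "scopes": ["email", "openid", "profile"],
                                    "secret": False},
}

def audit_client(c):
    """Return the list of deviations from the documented configuration."""
    want, units, findings = EXPECTED[c["ClientName"]], c.get("TokenValidityUnits", {}), []
    if sorted(c.get("AllowedOAuthFlows", [])) != want["flows"]:
        findings.append("unexpected OAuth grant types")
    if sorted(c.get("AllowedOAuthScopes", [])) != want["scopes"]:
        findings.append("unexpected scopes")
    if ("ClientSecret" in c) != want["secret"]:
        findings.append("client secret presence mismatch")
    if not c.get("EnableTokenRevocation"):
        findings.append("token revocation disabled")
    if c.get("PreventUserExistenceErrors") != "ENABLED":
        findings.append("user existence errors not prevented")
    for tok in ("AccessToken", "IdToken"):
        # Cognito reports these lifetimes in hours unless a unit is given.
        lifetime = c.get(tok + "Validity", 1) * SECONDS[units.get(tok, "hours")]
        if lifetime != 480 * 60:
            findings.append(tok + " lifetime is not 480 minutes")
    return findings

# Constructed sample: matches the "internal-client" steps.
GOOD_INTERNAL = {
    "ClientName": "internal-client", "ClientSecret": "constructed-placeholder",
    "AllowedOAuthFlows": ["client_credentials"],
    "AllowedOAuthScopes": ["rs/modelop_client"],
    "EnableTokenRevocation": True, "PreventUserExistenceErrors": "ENABLED",
    "AccessTokenValidity": 480, "IdTokenValidity": 480,
    "TokenValidityUnits": {"AccessToken": "minutes", "IdToken": "minutes"},
}
# Constructed sample: public client that has drifted from the documented values.
DRIFTED_EXTERNAL = {
    "ClientName": "external-integration-client", "AllowedOAuthFlows": ["implicit"],
    "AllowedOAuthScopes": ["openid", "email", "profile", "rs/modelop_client"],
    "EnableTokenRevocation": False, "PreventUserExistenceErrors": "ENABLED",
    "AccessTokenValidity": 1, "IdTokenValidity": 480,
    "TokenValidityUnits": {"AccessToken": "days", "IdToken": "minutes"},
}
if __name__ == "__main__":
    for client in (GOOD_INTERNAL, DRIFTED_EXTERNAL):
        print(client["ClientName"], audit_client(client) or "OK")
```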

Additional notes

Cognito users

Follow these steps to create a user in your user pool:

  1. Open the Amazon Cognito console. If prompted, enter your AWS credentials

  2. In the upper left corner, choose “User pools”

  3. Choose your existing user pool

  4. Choose “Users”

  5. Choose “Create user”

  6. User information

    1. Alias attributes used to sign in: Choose

      1. User name

      2. Email

    2. Invitation message: Choose “Don't send an invitation”

    3. User name: Enter a user name

    4. Email address - optional: Enter an email address

    5. Select “Mark email address as verified”

    6. Temporary password: Choose “Set a password”

    7. Password: Enter a temporary password

    8. Choose “Create user”

Cognito groups

Follow these steps to create a group in your user pool:

  1. Open the Amazon Cognito console. If prompted, enter your AWS credentials

  2. In the upper left corner, choose “User pools”

  3. Choose your existing user pool

  4. Choose “Groups”

  5. Choose “Create group”

  6. Group information

    1. Group name: Enter a group name

    2. Choose “Create group”

Assign Cognito user to a Cognito group

  1. Open the Amazon Cognito console. If prompted, enter your AWS credentials

  2. In the upper left corner, choose “User pools”

  3. Choose your existing user pool

  4. Choose “Groups”

  5. Choose an existing group

  6. Choose “Add user to group”

  7. Choose an existing user

  8. Choose “Add”