Cognito User Pool (CUP)

• Create a serverless database of user for your web & mobile apps
• Simple login: Username (or email) / password combination
• Password reset
• Email & Phone Number Verification
• Multi-factor authentication (MFA)
• Federated Identities: users from Facebook, Google, SAML…
• Feature: block users if their credentials are compromised elsewhere
• Login sends back a JSON Web Token (JWT)

Cognito User Pools – Lambda Triggers

• CUP can invoke a Lambda function synchronously on these triggers:

  

Cognito User Pools – Hosted Authentication UI

• Cognito has a hosted authentication UI that you can add to your app to handle sign-up and sign-in workflows
• Using the hosted UI, you have a foundation for integration with social logins, OIDC or SAML
• Can customize with a custom logo and custom CSS

CUP – Adaptive Authentication

• Block sign-ins or require MFA if the login appears suspicious
• Cognito examines each sign-in attempt and generates a risk score (low, medium, high) for how likely the sign-in request is to be from a malicious attacker
• Users are prompted for a second MFA only when risk is detected
• Risk score is based on different factors such as if the user has used the same device, location, or IP address