I have a web application which uses Cognito to allow users to log in. Cognito uses an external provider (Okta). When a user logs in for the first time, a user entry is created in the user pool. I also have a second application which has to use the same user pool, but because of the specifics of this application I have to use email and password authentication.

I would like users to receive an email asking them to set (reset) their password when they first log in to the web app. What's the best way to achieve that?

As far as I know it's impossible to set a password for EXTERNAL_PROVIDER users, but I can accept creating new (duplicate) users. Still, I'd like to ask about the best way to do this.

1 Answer

The instructions below are for migrating between Cognito instances, but you might find them useful.

There is only one way to get this done: the migration Lambda trigger. In short:

  • Create a new Cognito user pool
  • Create a migration Lambda
  • Add this Lambda as a trigger for login and/or forgotten passwords
  • Point users at the new Cognito (this might not be necessary in your instance)
  • Upon login, Cognito will check locally and, if the user is not found, will use the trigger to check programmatically in another source.

If authentication is successful, the old Cognito will return an object with all properties, including passwords, which you can then insert into the new Cognito.

More info here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
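To make the procedure in the answer concrete, here is an added example of a migration Lambda handler in Python. It is not code from the answer or from AWS; the event and response field names (`triggerSource`, `userName`, `request.password`, `response.userAttributes`, `finalUserStatus`, `messageAction`) follow the migrate-user trigger documentation linked above, while the legacy user store, `lookup_legacy_user` and the salted-digest check are assumptions that stand in for "another source" so the example runs offline. One point worth seeing in code: for the authentication flow the trigger receives the user's plaintext password, so the handler must verify it against the legacy source and must never log or persist it; for the forgot-password flow there is no password, only a lookup, and `messageAction` is set to `SUPPRESS` so Cognito does not send a welcome message before the reset code.

```python
import hashlib
import hmac

# Constructed legacy user store standing in for the old user pool or directory.
# Passwords are kept as salted SHA-256 digests only so the example runs offline;
# a real migration Lambda would query the legacy system over the network.
_SALT = b"constructed-salt"  # assumption: a fixed salt for the sample records


def _digest(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode("utf-8")).digest()


LEGACY_USERS = {
    "alice@example.com": {
        "password_digest": _digest("correct horse battery staple"),
        "attributes": {"email": "alice@example.com", "name": "Alice Example"},
    },
}


def lookup_legacy_user(username, password=None):
    """Return the legacy user's attributes, or None if not found / bad password.

    With a password, the password is verified (authentication flow); without
    one, only existence is checked (forgot-password flow).
    """
    record = LEGACY_USERS.get(username.lower())
    if record is None:
        return None
    if password is not None and not hmac.compare_digest(
        record["password_digest"], _digest(password)
    ):
        return None
    return dict(record["attributes"])


def make_event(trigger, username, password=None):
    """Build a minimal Cognito migration-trigger event (constructed for testing)."""
    request = {"password": password} if password is not None else {}
    return {
        "triggerSource": trigger,
        "userName": username,
        "request": request,
        "response": {},
    }


def handler(event, context=None):
    """Lambda entry point for the Cognito user-migration trigger."""
    trigger = event["triggerSource"]
    username = event["userName"]

    if trigger == "UserMigration_Authentication":
        # Cognito passes the password the user typed; verify it against the
        # legacy source and never log it.
        attrs = lookup_legacy_user(username, event["request"]["password"])
        if attrs is None:
            # Raising makes Cognito report a failed sign-in.
            raise Exception("Bad username or password")
        # Mark email as verified so the migrated user can receive reset codes,
        # confirm the account, and suppress the welcome message.
        event["response"]["userAttributes"] = {**attrs, "email_verified": "true"}
        event["response"]["finalUserStatus"] = "CONFIRMED"
        event["response"]["messageAction"] = "SUPPRESS"

    elif trigger == "UserMigration_ForgotPassword":
        # No password is supplied here: only confirm the user exists, copy
        # attributes, and let Cognito drive the reset-code flow.
        attrs = lookup_legacy_user(username)
        if attrs is None:
            raise Exception("User not found")
        event["response"]["userAttributes"] = {**attrs, "email_verified": "true"}
        event["response"]["messageAction"] = "SUPPRESS"

    else:
        raise Exception("Unexpected trigger source: " + trigger)

    return event


if __name__ == "__main__":
    ok = handler(make_event("UserMigration_Authentication",
                            "alice@example.com", "correct horse battery staple"))
    print(ok["response"])
```

Deploy the handler as the user pool's "User migration" trigger; Cognito invokes it only when a sign-in or forgot-password request names a user that does not yet exist in the pool, which is the behaviour described in the last bullet above.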