Cognito is the primary service in AWS that can be used as an identity provider, for securing applications with authentication, authorization, and access control. The important features of Cognito are as follows:
- User sign-up
- User sign-in
- User creation by an administrator
- A set of predefined attributes, as well as support for creating custom attributes
- Multi-factor authentication (MFA)
- User profile management
- Email and SMS verification
- Forgot password
- Forcing a change of password after first login (in the case of admin user creation)
- Support for guest users
- Prevention of man-in-the-middle attacks through Secure Remote Password (SRP) protocols
- Enabling or disabling of user accounts by an administrator
- Deleting user accounts
- Support for customization, using Lambdas invoked through predefined triggers
- Support for authentication from other identity providers, such as Google, Facebook, Twitter, and so on