Hi,
You need to use the specific Azure AD tenant issuer instead of the "common" endpoint. The common endpoint is not currently supported because the issuer in the tokens that come back from Azure AD must be an exact match to the one defined in Cognito.
This blog post could be helpful, and if you continue to get errors after using the tenant-specific issuer, please open a support ticket and our support engineer will help troubleshoot the setup with you.
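To illustrate the exact-match requirement described in the answer above, here is an added example (not part of the original answer and not AWS or Microsoft code) that compares a strict issuer string check with a check that fills the `{tenantid}` placeholder published in the common endpoint's metadata document. The tenant IDs and tokens are constructed samples, the function names are hypothetical, and signature verification is deliberately left out to keep the focus on the `iss` comparison.

```python
import base64
import json

# Issuer value published by the /common/v2.0 OpenID Connect metadata document.
COMMON_TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0"
# What a relying party ends up with if it is pointed at the common endpoint path.
COMMON_CONFIGURED = "https://login.microsoftonline.com/common/v2.0"

TENANT_A = "11111111-1111-1111-1111-111111111111"  # constructed tenant id
TENANT_B = "22222222-2222-2222-2222-222222222222"  # constructed tenant id


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(tid, iss=None):
    """Build a constructed ID token (signature omitted) for the given tenant id."""
    iss = iss or f"https://login.microsoftonline.com/{tid}/v2.0"
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{_b64url(header)}.{_b64url({'iss': iss, 'tid': tid})}."


def claims_of(token):
    """Decode the payload only; a real relying party verifies the signature first."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def exact_issuer_ok(configured_issuer, token):
    """Strict check: the token's iss must equal the configured issuer string."""
    return claims_of(token).get("iss") == configured_issuer


def template_issuer_ok(token, allowed_tenants=None):
    """Multi-tenant check: substitute the token's tid into the template, then
    compare with iss. allowed_tenants optionally restricts which tenants pass."""
    claims = claims_of(token)
    tid = claims.get("tid", "")
    if not tid or (allowed_tenants is not None and tid not in allowed_tenants):
        return False
    return claims.get("iss") == COMMON_TEMPLATE.replace("{tenantid}", tid)


if __name__ == "__main__":
    for tid in (TENANT_A, TENANT_B):
        tok = make_sample_token(tid)
        print(tid, exact_issuer_ok(COMMON_CONFIGURED, tok), template_issuer_ok(tok))
```

A relying party that accepts any tenant this way still has to decide which `tid` values it trusts, which is what the `allowed_tenants` argument stands in for.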
Hi,
Thanks for a quick reply. I have a few questions.
- Doesn't changing the issuer url path from common to tenant-id mean that the Microsoft Login (SSO) will be limited only to private accounts of that tenant? (Refer: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#fetch-the-openid-connect-metadata-document). I guess Common is a valid tenant value.
- We changed the path issuer url from /common to /{tenant-id} and we are still facing the same error. We already contacted AWS Support but they also couldn't figure out the issue.
- The blog post you have linked limits the login to members of the tenant specific issuer. We are trying to integrate Microsoft SSO to our Cognito, where anyone with a Microsoft account should be able to login/signup to our userpool. Any insights or guidance would be helpful.
Hi! Is there an ETA on when multi-tenant authentication might be supported through Cognito? Could you please suggest some workarounds to implement sign in with Microsoft that one can use in the absence of this method?
I'm also waiting for Cognito to support the "Common" endpoint. This endpoint allows both Microsoft work and personal accounts to make use of social login. Firebase also supports this out of the box.
I created this issue in GitHub, but it seems it's not on the radar of being fixed any time soon. https://github.com/aws-samples/amazon-cognito-example-for-external-idp/issues/98
Is there an ETA? Because Firebase and other auth products already support this since ages ago. We are now considering migrating to Firebase because we get the feeling that development by Cognito product team is a low priority. Cognito lags behind competitors regarding features and helpful things like auto merge of social account and native accounts.
Some workarounds other people tried on the frontend: https://stackoverflow.com/questions/64331213/microsoft-oidc-in-aws-cognito-allowing-multiple-tenants
Hi, just wanted to check if there is any update on this.
Is Cognito upgraded to support multi-tenancy using the "Common" flag?