Where do I connect Amazon Cognito in Apiable?

Go to Integrations then Identity Providers, start a new connection, choose Amazon Cognito, and fill in the Authorization tab. The dashboard may label this section AuthN Providers.

What fields does Amazon Cognito need?

Connection Name, User Pool ID, Region, and App Client ID are required. Client Secret is a masked field for app clients that have one.

Where do I find my Cognito User Pool ID and Region?

In the AWS Cognito console for your user pool. The User Pool ID and the AWS Region of the pool are shown there, along with the App Client ID under the pool's app clients.

Do I always need a Cognito Client Secret?

Only if your Cognito app client is configured with one. The Client Secret field is a masked password and is not marked required.

How do users sign in with Amazon Cognito after I connect it?

Turn the provider Active and assign it to companies. Their users then see a Cognito sign-in option on the portal login and are redirected to Cognito to authenticate.

Integrations

Connect Amazon Cognito

Connect Amazon Cognito as an Identity Provider in Apiable. Enter a Connection Name, User Pool ID, Region, App Client ID, and Client Secret, then assign it to companies.

You connect Amazon Cognito as an Identity Provider under Integrations → Identity Providers. You name the connection, enter your user pool ID, its AWS region, and the app client's ID and secret, then save and assign it to the companies whose users should sign in through it.

Where do you connect Amazon Cognito?

Open Integrations → Identity Providers, start a new connection, and select Amazon Cognito. The select screen is headed Authentication Providers.

Open Integrations → Identity Providers.
Start a new connection. The select screen, headed Authentication Providers, lists the provider types.
Select Amazon Cognito, then continue to connect.
The connection opens on the Authorization tab, where you enter the credentials.

What does each Amazon Cognito field mean?

The Authorization tab asks for a connection name and your user pool details. Required fields are marked. Enter them, then save.

Field	What to enter
Connection Name	A label for this connection inside Apiable. Required.
User Pool ID	The ID of your Amazon Cognito user pool. Required.
Region	The AWS region the user pool lives in. Required.
App Client ID	The app client ID from that user pool. Required.
Client Secret	The app client's secret, if it has one. Entered as a masked password.

How do you set the display name, icon, and display mode?

Open the Details tab. Set a Display Name for the sign-in button, upload a Display Icon, and pick a Display Mode of Standalone or Grouped. These control how the provider appears on your portal login screen.

A Standalone provider gets its own button on the login screen, showing its display name and icon. A Grouped provider is reached through one shared SSO button instead. See Identity Providers for how each mode looks to the consumer.

How do you assign companies and force SSO?

Open the Assignment tab, which unlocks after you save the provider. Turn on assign all companies or pick specific ones, set Force SSO if those users must use the provider, then save the assignment.

Save the connection from the Authorization tab. The Assignment tab is disabled until the provider exists.
On Assignment, either toggle assign all companies on, or leave it off and select companies from the searchable list.
Toggle Force SSO on to remove password sign-in for those users, or leave it off to keep password as a fallback.
Save the assignment with the button on the tab.

How do you activate the provider?

Use the Active toggle above the tabs. With it on and the provider assigned to at least one company, that company's users see the Amazon Cognito sign-in option on the portal login screen.

When a covered user signs in, the portal redirects them to Amazon Cognito to authenticate, then back to your portal. If Force SSO is on for their company, the portal does not offer them a password option.

Troubleshooting

Match what you see to the fix. Connection-level errors surface in your dashboard; sign-in behavior shows on the portal login screen.

What you see	What to do
The Assignment tab is greyed out	The provider has not been saved yet. Complete the Authorization tab and save, then open Assignment.
The provider does not appear on the portal login	Confirm the Active toggle is on and the user's company is selected on the Assignment tab.
Sign-in redirects fail at Cognito	Recheck the User Pool ID, Region, and App Client ID, and that the app client is set up for the redirect Apiable uses.
A user still sees a password field when you expected SSO only	Force SSO is off for their company. Turn it on for that company on the Assignment tab.
No company shows the provider after assigning all	Confirm assign all companies is toggled on and the assignment was saved.

Where to next

Identity Providers

The concept overview and how Identity Providers differ from Authorization Servers.

Connect Microsoft Entra ID

Connect an OpenID Connect provider

Connect any standards-compliant OpenID Connect provider.

Authorization Servers

The OAuth2 side: tokens for API calls, not portal login.