AWS Cognito
Learn how to integrate Zephr with AWS Cognito for centralized identity management and authentication.
Use the AWS Cognito extension to connect Zephr to an external identity provider (IdP) built on Amazon Cognito. In this configuration, Cognito is the system of record for user identities and credentials, while Zephr consumes identity and entitlement data to drive authentication, access control, and paywall logic.
Once configured, Zephr:
Delegates authentication to Cognito
Treats Cognito as the source of truth for users
Stores only references to Cognito users (for example, email address and Cognito user ID), not passwords
This enables centralized identity management in Cognito with Zephr handling session management, rules-based decisioning, and personalization.
Pre-requisites
An AWS account with access to Amazon Cognito.
A User Pool configured for your Zephr-powered application.
An App Client in that User Pool that supports password authentication through the admin API. A Single-Page Application (SPA) App Client is required for this to work.
An AWS service account (access key and secret) with permission to call Cognito APIs for the target User Pool.
Note:The service account must not have multi-factor authentication (MFA) enforced.
Access to the Zephr Admin Console and permission to configure .