Learn how to configure the AWS Cognito extension in the Zephr Admin Console to manage user authentication and identity services.

1. In the Zephr Admin Console, select the Settings icon at the top right of any screen.
2. Select Extensions.
3. Select AWS Cognito.
4. Click the API Details section.
5. Enter the following configuration details:

   Field	Description
   Region	The AWS region where the Cognito User Pool is hosted, for example, eu-west-1 or us-east-1.
   Access Key ID	The access key for an AWS service account that has permission to manage and authenticate users in the target Cognito User Pool.
   Secret Access Key	The secret key paired with the Access Key ID. Zephr uses this key pair to call Cognito APIs securely.
   User Pool ID	The identifier of the Cognito User Pool that will act as the identity provider for Zephr users.
   App Client ID	The ID of an App Client in the target User Pool.This client must be configured as a SPA client with the ALLOW_ADMIN_USER_PASSWORD_AUTH flow enabled so that Zephr can perform username/password authentication through Cognito’s admin APIs.
   Cache Retention Period (minutes)	The duration, in minutes, for which user data retrieved from Cognito is cached in Zephr. During this period, Zephr uses the cached data instead of making repeated calls to Cognito APIs, which helps improve performance and reduce API usage. After the retention period expires, Zephr refreshes the data by querying Cognito again.

6. Click Done.
7. In the Activate Plugin section, enable the extension for each site where you want Cognito to provide identity services. Alternatively, select Select All Sites to enable the extension for all sites.
8. Click Save.

   After you save the configuration and enable the extension on one or more sites, Zephr can start using Cognito for user authentication and identity lookup.