How Zephr uses Cognito as an external identity provider
Zephr can integrate with Amazon Cognito to use it as an external identity provider for authentication and user management. In this setup, Cognito handles user identities and credentials, while Zephr manages sessions, rules, and entitlements.
When the AWS Cognito extension is enabled, Zephr and Cognito work together to authenticate users and control access across your digital experiences.
Authentication
Zephr delegates authentication to Cognito.
Zephr's login and registration flows call Cognito to authenticate users.
Upon successful authentication, Zephr establishes a session linked to the corresponding Cognito user record.
Source of truth for users
Cognito acts as the authoritative system of record for user identities and credentials.
Zephr does not store user passwords.
Zephr can modify user details in Cognito, including updating user attributes and supporting password updates through flows such as forgotten password.
Zephr stores only identifiers (for example, email address and Cognito user ID) and the session data required to evaluate rules and entitlements.
Rules and entitlements
Zephr uses identity data from Cognito to drive access control and personalization.
Zephr rules can use Cognito-derived attributes (such as email, roles, groups, or custom claims) as inputs.
These attributes can be combined with Zephr User Attributes and Segments to determine access, product entitlements, and paywall outcomes.
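An added example, not Zephr's or AWS's code: one way a service could turn Cognito ID token claims into the kinds of rule inputs listed above (email, groups, custom claims), refusing claim sets that should not drive access decisions. It assumes the token's signature has already been verified against the user pool's JWKS; `rule_inputs` is a hypothetical helper, and the issuer, app client ID and sample claims are constructed placeholders.

```python
import time

# Constructed placeholders: region, user pool ID and app client ID are not real.
ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"


class ClaimError(ValueError):
    """Raised when a claim set must not be used as rule input."""


def rule_inputs(claims, now=None):
    """Map signature-verified Cognito ID token claims to rule inputs."""
    now = time.time() if now is None else now
    if claims.get("token_use") != "id":      # access tokens lack profile claims
        raise ClaimError("not an ID token")
    if claims.get("iss") != ISSUER:          # token minted by another user pool
        raise ClaimError("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:       # token issued to another app client
        raise ClaimError("unexpected audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ClaimError("token expired")
    if not isinstance(claims.get("sub"), str):
        raise ClaimError("missing sub")
    groups = claims.get("cognito:groups", [])
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise ClaimError("malformed cognito:groups")
    # Expose the email as an identifier only if Cognito marks it verified.
    email = claims.get("email") if claims.get("email_verified") is True else None
    # Cognito prefixes custom attributes with "custom:"; strip it for rule use.
    custom = {k[len("custom:"):]: v for k, v in claims.items()
              if k.startswith("custom:")}
    return {"user_id": claims["sub"], "email": email,
            "groups": sorted(set(groups)), "custom": custom}


# Constructed sample, shaped like a decoded Cognito ID token payload.
SAMPLE = {
    "sub": "11111111-2222-3333-4444-555555555555",
    "iss": ISSUER, "aud": CLIENT_ID, "token_use": "id", "exp": 2_000_000_000,
    "email": "reader@example.com", "email_verified": True,
    "cognito:groups": ["subscribers", "staff"],
    "custom:plan": "premium",
}

if __name__ == "__main__":
    print(rule_inputs(SAMPLE, now=1_700_000_000))
```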
Integration model
This integration enables a clear separation of responsibilities:
Cognito manages identity and authentication
Zephr manages user journeys, rules, entitlements, and personalization
This approach allows you to centralize identity management in Cognito while using Zephr to orchestrate access and customer experiences across your sites.