We use it for Authentication and Authorization of the mobile applications, and middleware that we write for our enterprise customers. We also evaluated it for the use-case of Federated Identity integration to other IDP solutions like Microsoft Active Directory, etc. We also use it to enable MFA on a few web apps.
Pros
Easy to set-up.
Easy to configure the User Pools, and the Identity Pools.
Seamless Integration with AWS services like Lambda, IAM, etc.
Cheaper than other providers.
Cons
SCIM implementation is not present.
B2B SaaS use-cases are very hard to configure. More suitable for B2C use-cases.
Needs more recipes, plugins, SDKs.
2FA with Email as an OTP channel is not supported.
2FA using biometrics is not available; can be customised using Lambda.
Likelihood to Recommend
Well Suited
B2C mobile and web apps with a high number of users.
Cheaper and cost-effective.
If the other pieces of the infra are already using AWS services like Lambda, S3, Pinpoint, etc.
Not Suited For:
Advanced use-cases (Biometrics based authentication) Email, and other MFA channels.
For any use-cases needing SCIM.
Customized flows of SSO, and MFA will need a layer on Lambda and other AWS services.
We have been using Amazon Cognito for about the last 3 years now and it has been a really good experience. The onboarding although needs a little bit of help as there was little documentation that would help to install and maintain the application for what we were wanting it to. But with support's help, we were able to jump in and get what we were looking for and we have been satisfied with it since the implementation was completed.
Pros
Installation
Support
Subject Matter Experts
Ability to fix the issues quickly and without transferring the calls.
Cons
Need better documentation.
It is very pricey.
Could maybe have video content to help with setting up the security.
Likelihood to Recommend
With Amazon's support, we were able to complete what we were looking to accomplish. If you have an administrator that has been working in the AWS environment for a while they can assist with some of your questions. But save yourself time and open up a ticket with support and just get a tech on the line and have them walk you through the steps and you will be able to complete all the setup with minimal issues.
We use Amazon Cognito to simplify and forget to build from scratch the sign-in and log-in process in our applications. With Amazon Cognito you do not need to build the login process, sign-in mechanism, and all that stuff that is always the same one application after another, these constructs are already there to be used.
Pros
The sign-in process.
The login process.
Give permissions to users to use AWS services.
Cons
The Cognito documentation could have more easy-to-do examples of integrating it into the app.
The interface to administer users and groups could be more visually appealing.
Likelihood to Recommend
If you have a simple app or any app that needs to manage users; you can delegate this to Amazon Cognito. You don't need to waste time thinking and building the sign-in process, where to store users, groups, credentials, etc. Cognito does all that for you, and if you want to go further you can also use Federate Services.
We wanted to add user profiles to an existing SaaS app. We wanted all of the things that folks dream of, of course: It should be quick to implement, it should be stable and secure, and it should integrate well with our other services, and it should be extensible. Cognito turned out to be a dream. We used it to build the initial login page (supporting password auth as well as OAuth), and it handled all of that complexity for us very easily. We wanted users to be able to fill out "profile pages," and Cognito came built-in with extensible profile fields that we could populate without needing to add additional services, and we wanted to grant users access to some of our AWS microservices, and this was a very easy configuration in AWS, again without the need for any additional components. Amazon Cognito provided a complete Login and User Profile solution for our SaaS app.
Pros
Strong integration with React.js and client-side applications
Easy to bridge Cognito identities with the rest of the AWS ecosystem
Easy to store user profile data directly in Cognito rather than having to build additional services/endpoints
Easy integration with AWS Lambda to extend and add sophistication to the service
Cons
Cognito, as with all AWS tools, feels like strange alien technology and it takes some time to understand why it exists and what needs it serves. If they called it the "Amazon User Profile and Sign-In Service" they might have greater adoption.
More examples are always good, especially around using Lambdas to query or extend the Cognito data store.
Likelihood to Recommend
If you're already using AWS, there's no reason why you should implement your own password authentication or OAuth flows when you can use Cognito instead. It solves that work for you astoundingly well. You might be tempted by a tool like Okta for OAuth flows, but unless you already have a hard dependency on it then you should go with Cognito instead. It's much lighter weight, and it's much more pleasant to extend it with lambdas.
If you don't have any AWS in your stack, or it's very very important to you to stay platform-independent for your login flows, then those are reasons to avoid Cognito.
Verified User
Employee in Information Technology (11-50 employees)
We use Cognito to manage user sign in and authentication for our projects built on AWS architecture. Usually our clients need strong and reliable authentication features implying federated entities like Facebook across a software ecosystem.
Pros
Has good synergy with AWS ecosystem
Reliable sign-in features
Building a gateway Cognito User pool authorizer
Cons
Learning curve and documentation
Android SDK implementation
Likelihood to Recommend
If you are working strongly with AWS technologies, Cognito is the way to go. On the other hand, if you work strongly with mobile technologies and federated identities, you could prefer Firebase.
In our organization, we help customers who are currently using AWS Cognito. There are many Enterprise clients of ours who use Amazon Cognito. It's an amazing product I would say. The main business problem for us is while integrating the client applications, we need to decide how to integrate our application with other services like Gmail, LinkedIn, etc. For this purpose, Amazon Cognito does a great job with their SDK.
Pros
Can easily manage the users.
Very good UI design helps manage the users list efficiently.
Security groups and roles provide very efficient security.
Cons
Maybe they can improve more on the grouping part.
All the users come under the same Cognito User Pool. If the IAM can be restricted to per group level of User Pools, then that would be really helpful.
Likelihood to Recommend
It's well suited for quick start of application, which needs to be integrated with multiple other applications. It may not be suited for applications which are already using high security in place, meaning if customers are already using OAuth, then I don't think this would be an effective solution.