Amazon Cognito vs. Forefront Identity Manager (Discontinued)

Well Suited

1. B2C mobile and web apps with a high number of users.
2. Cheaper and cost-effective.
3. If the other pieces of the infra are already using AWS services like Lambda, S3, Pinpoint, etc.

Not Suited For:

1. Advanced use-cases (Biometrics based authentication) Email, and other MFA channels.
2. For any use-cases needing SCIM.
3. Customized flows of SSO, and MFA will need a layer on Lambda and other AWS services.

Incentivized

I think that MIM is great for compliance since it reduces the number of logins that are required by users. Most offices have post-it notes with logins floating around because there are so many to remember or there are "shared" logins. This reduces the number of logins to 1 and you can easily revoke access in one fell swoop. This prevents gaps and holes with terminations and updates to select groups are super simple.

Incentivized

• Strong integration with React.js and client-side applications
• Easy to bridge Cognito identities with the rest of the AWS ecosystem
• Easy to store user profile data directly in Cognito rather than having to build additional services/endpoints
• Easy integration with AWS Lambda to extend and add sophistication to the service

Incentivized

• Authentication
• Security
• Identity Management

Incentivized

• Amazon Cognito has a bit of a learning curve. You need to learn its concepts and terminology. The documentation does not describe some topics comprehensively.
• Some Console screens would benefit from improved search and filtering options.
• When another AWS product (e.g., SageMaker) configures Cognito on your behalf, it is not clear what you're getting. For example, the expiration of a temporary password was configured but never communicated.

Incentivized

• For Windows Server 2008 R2 Servers is a great tool to set a codeless provisioning over new objects.
• Can easily integrate with Active Directory and Exchange Servers, improving the identity sync between the final user and the lifecycle management.
• Improvements in the areas of performance, simplified deployment easing the troubleshooting tasks, better documentation knowledge base, and more language support.
• The codeless provisioning provided in FIM can sustain a variety from high demand to mid-size scenarios for account lifecycle management.

Incentivized

All the features AWS Cognito offers gives the user the options they need without making it too complicated. Your customers will be happy. On the administration site usability is also great. After a small learning curve, you can setup Cognito for your usage

Incentivized

AWS Support overall is poor. Your main resources are trainings and the docs, and the docs can be very confusing. Using Cognito well involves having a developer learn it deeply and help support your team in understanding it. That said, Cognito's competitors also have dismal support and even worse documentation, so while this isn't a strength for Cognito it may still be the frontrunner here.

Incentivized

They are ideal tools to create a secure and unique login experience for our applications. Thanks to its API authorization, Amazon Cognito ensures connections to applications that are secure.It is easy to use and provides easy access to files and applications that you need to complete your goal.

Incentivized

It is Microsoft. We are a Microsoft shop, primarily. It integrates deeply with Active Directory making it good for Microsoft Active Directory shops.

Incentivized

• ROI is great for Amazon Cognito Overall.
• It is included in the AWS Free Tier so you can use it for a good amount without paying, so the software can be tested beforehand.
• The paid pricing is also affordable, so a positive impact on ROI.

Incentivized

• We see a positive impact simply in the time savings alone. Chasing accounts around is time-consuming and prone to error.
• The cost to us is negligible to the value it provides.

Incentivized