AWS Cognito is a best-in-class Authentication and User Profile provider
September 18, 2020

AWS Cognito is a best-in-class Authentication and User Profile provider

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Amazon Cognito

We wanted to add user profiles to an existing SaaS app. We wanted all of the things that folks dream of, of course: It should be quick to implement, it should be stable and secure, and it should integrate well with our other services, and it should be extensible. Cognito turned out to be a dream. We used it to build the initial login page (supporting password auth and well as OAuth), and it handled all of that complexity for us very easily. We wanted users to be able to fill out "profile pages," and Cognito came built-in with extensible profile fields that we could populate without needing to add additional services, and we wanted to grant users access to some of our AWS microservices, and this was a very easy configuration in AWS, again without the need for any additional components. Amazon Cognito provided a complete Login and User Profile solution for our SaaS app.
  • Strong integration with React.js and client-side applications
  • Easy to bridge Cognito identities with the rest of the AWS ecosystem
  • Easy to store user profile data directly in Cognito rather than having to build additional services/endpoints
  • Easy integration with AWS Lambda to extend and add sophistication to the service
  • Cognito, as with all AWS tools, feels like strange alien technology and it takes some time to understand why it exists and what needs it serves. If they called it the "Amazon User Profile and Sign-In Service" they might have greater adoption.
  • More examples are always good, especially around using Lambdas to query or extend the Cognito data store.
  • ROI from Cognito comes in terms of developer velocity--you'll get logins and user identities up and running faster and more stably if you use Cognito. Once they're working, they'll keep working.
I've used bespoke solutions for password, email, and OAuth flows, I've used AuthZero, and I've used Okta. In all cases, Cognito wins:

1) It's more featureful, faster, prettier out-of-the-box, more extensible, AND cheaper than Auth Zero.
2) It's again all of those things compared to Okta, however, Okta has a stronger existing Enterprise following and that may encourage you to stick with it for uniformity purposes.
3) It's way better than making your own bespoke auth/profile services; don't even consider that anymore, the problem has been solved well.
AWS Support overall is poor. Your main resources are trainings and the docs, and the docs can be very confusing. Using Cognito well involves having a developer learn it deeply and help support your team in understanding it. That said, Cognito's competitors also have dismal support and even worse documentation, so while this isn't a strength for Cognito it may still be the frontrunner here.
Easier than many AWS products, but still a challenge to get up and running... and yet still easier and more understandable than its competitors. Authentication is complicated, so most authentication tools aren't strong here.

Do you think Amazon Cognito delivers good value for the price?


Are you happy with Amazon Cognito's feature set?


Did Amazon Cognito live up to sales and marketing promises?


Did implementation of Amazon Cognito go as expected?


Would you buy Amazon Cognito again?


If you're already using AWS, there's no reason why you should implement your own password authentication or OAuth flows when you can use Cognito instead. It solves that work for you astoundingly well. You might be tempted by a tool like Okta for OAuth flows, but unless you already have a hard dependency on it then you should go with Cognito instead. It's much lighter weight, and it's much more pleasant to extend it with lambdas.

If you don't have any AWS in your stack, or it's very very important to you to stay platform-independent for your login flows, then those are reasons to avoid Cognito.