Item: Amazon Cognito
Rating: 6
Author: Piyush Goel

Use Cases and Deployment Scope

We use it for Authentication and Authorization of the mobile applications, and middleware that we write for our enterprise customers. We also evaluated it for the use-case of Federated Identity integration to other IDP solutions like Microsoft ActiveDirectory, etc. We also use it to enable MFA on a few web apps.

Pros and Cons

Easy to set-up.
Easy to configure the UserPools, and the Identity Pools.
Seamless Integration with AWS services like Lambda, IAM, etc.
Cheaper than other providers.

SCIM implementation is not present.
B2B SaaS use-cases are very hard to configure. More suitable or B2C use-cases.
Needs more recipes, plugins, SDK's.
2FA with Email as an OTP channel is not supported.
2 FA using biometrics is not available; can be customised using lambda.

Most Important Features

Identity and Authorisation concepts like UserPools, and Identity Pools.
Cost Effective for up to 40-50K users.
Server less and Event Driven Workflows.

Return on Investment

Faster turnaround to built a quick and fast Authentication and Authorisation system.
Easy to set-up and monitor.
Cost Effective. Saved ~20K USD over other products.

Alternatives Considered

The Okta Identity Cloud

- Cost-Effective and cheaper than Okta for up to 100K users.
- Easy to set up and configure.
- Integration with other AWS services like Lambda, Pinpoint.
- Good Documentation, and well-designed SDKs.

Key Insights

Do you think Amazon Cognito delivers good value for the price?

Yes

Are you happy with Amazon Cognito's feature set?

Did Amazon Cognito live up to sales and marketing promises?

Yes

Did implementation of Amazon Cognito go as expected?

Yes

Would you buy Amazon Cognito again?

Yes

Other Software Used

Cloudflare Access, Site24x7 StatusIQ, Slack

Likelihood to Recommend

Well Suited

B2C mobile and web apps with a high number of users.
Cheaper and cost-effective.
If the other pieces of the infra are already using AWS services like Lambda, S3, Pinpoint, etc.

Not Suited For:

Advanced use-cases (Biometrics based authentication) Email, and other MFA channels.
For any use-cases needing SCIM.
Customized flows of SSO, and MFA will need a layer on Lambda and other AWS services.

Products Replaced

Key Differentiators

Price
Product Features
Product Usability

Need a solution to prototype fast, and something cheap and cost-effective. Our use-cases were very simple for the web-apps, and mobile apps and our user-base was limited to 10K unique users. MFA requirements were also simple using only OTP on mobile. Since our infra is hosted on AWS, Cognito's ease of integration with AWS services allowed a faster rollout.

Evaluation Lessons Learned

Nothing much. For the use-case for which we employed Cognito, it fitted nicely.

AWS Cognito: A good solution for a B2C web/and mobile apps having simple Authentication needs. Not for B2B SaaS use-cases.

Overall Satisfaction with Amazon Cognito