Devs on AWS can now add Salesforce sign-in to their apps

Developers that use an Amazon Web Service (AWS) identity service called Cognito can now let users sign in to their apps with their Salesforce credentials.

Software as a service pioneer Salesforce has a fair chunk of enterprise users around the globe. Now, AWS developers have the tools to make it easier for Salesforce’s millions of users to engage with their apps, courtesy of new support for open authentication protocol OpenID Connect in Amazon’s Cognito service.

AWS launched Cognito in July as a tool for developers to sync data across multiple devices owned by a user as well as authenticate them through public login providers, starting with sign-in from Facebook, Google and Amazon accounts.

OpenID Connect (OIDC) was ratified in February with the backing of Google, Microsoft and Salesforce. The internet identity standard lets developers authenticate their users through the web or apps. The OpenID Foundation explains that besides alleviating the need for users to create one more password, OIDC also helps solve a sizeable problem by developers not having to worry about storing, managing user passwords — which massive password leaks in the the last few years have shown are prized targets and not always protected the way they should be.

AWS noted in a blog today, the addition of OIDC support in Cognito means AWS developers can allow users to sign in with their user name and password from Salesforce or Ping Federate, an identity product from enterprise identity management firm PingIdentity.

Both firms support OIDC and become additional “provider identities” to Google and Facebook that AWS developers can add to their list of identity providers.

“Cognito takes the ID token that you obtain from the OIDC identity provider and uses it to manufacture unique Cognito IDs for each person who uses your app. You can use this identifier to save and synchronize user data across devices and to retrieve temporary, limited-privilege AWS credentials through the AWS Security Token Service,” explained AWS evangelist, Jeff Barr.

AWS developers keen to add Salesforce as an identity provider should read Amazon’s security blog here to find out how.

The addition of Salesforce sign-in to Cognito authentication comes as Microsoft doubles down on efforts pip Amazon as the king of cloud, with both luring developers with additional backend services, such as identity and analytics, and new regions; Microsoft announced its new Azure region in Australia this week (its 19th), and today Amazon announced a new zone in Germany (it’s 11th).

On the identity provider front, Azure developers can authenticate users with logins from Microsoft Account, Facebook, Twitter, Google, and Azure Active Directory. Microsoft last month also added OpenID Connect and OAuth 2.0 support in Azure Active Directory.

Amazon earlier this week launched AWS Directory Service in an effort to nab a slice of Microsoft’s near ubiquitous claim on directory services in the enterprise.

Meanwhile, Salesforce lay down its identity challenge to Microsoft last year with launch of Salesforce Identity, which gave administrators directory services, user profile management, usage reports and dashboards and multi-factor authentication, while features for end users included single sign-on. Besides OpenID, it also supported other identity standards including SAML (Security Assertion Markup Language), OAuth, and SCIM (System for Cross-domain Identity Management.)

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags amazondirectors for CSO AustraliaCSOSecurity Token ServiceOIDCFacebooksalesforceAzure regionEnex TestLabCognitoGooglesign-inMicrosoftAmazon Web Service (AWS)PingIdentityOpenID ConnectCSO Australia

More about AWSCognitoCSOEnex TestLabFacebookGoogleMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place