Developers that use an Amazon Web Service (AWS) identity service called Cognito can now let users sign in to their apps with their Salesforce credentials.
Software as a service pioneer Salesforce has a fair chunk of enterprise users around the globe. Now, AWS developers have the tools to make it easier for Salesforce’s millions of users to engage with their apps, courtesy of new support for open authentication protocol OpenID Connect in Amazon’s Cognito service.
AWS launched Cognito in July as a tool for developers to sync data across multiple devices owned by a user as well as authenticate them through public login providers, starting with sign-in from Facebook, Google and Amazon accounts.
OpenID Connect (OIDC) was ratified in February with the backing of Google, Microsoft and Salesforce. The internet identity standard lets developers authenticate their users through the web or apps. The OpenID Foundation explains that besides alleviating the need for users to create one more password, OIDC also helps solve a sizeable problem by developers not having to worry about storing, managing user passwords — which massive password leaks in the the last few years have shown are prized targets and not always protected the way they should be.
AWS noted in a blog today, the addition of OIDC support in Cognito means AWS developers can allow users to sign in with their user name and password from Salesforce or Ping Federate, an identity product from enterprise identity management firm PingIdentity.
Both firms support OIDC and become additional “provider identities” to Google and Facebook that AWS developers can add to their list of identity providers.
“Cognito takes the ID token that you obtain from the OIDC identity provider and uses it to manufacture unique Cognito IDs for each person who uses your app. You can use this identifier to save and synchronize user data across devices and to retrieve temporary, limited-privilege AWS credentials through the AWS Security Token Service,” explained AWS evangelist, Jeff Barr.
AWS developers keen to add Salesforce as an identity provider should read Amazon’s security blog here to find out how.
The addition of Salesforce sign-in to Cognito authentication comes as Microsoft doubles down on efforts pip Amazon as the king of cloud, with both luring developers with additional backend services, such as identity and analytics, and new regions; Microsoft announced its new Azure region in Australia this week (its 19th), and today Amazon announced a new zone in Germany (it’s 11th).
On the identity provider front, Azure developers can authenticate users with logins from Microsoft Account, Facebook, Twitter, Google, and Azure Active Directory. Microsoft last month also added OpenID Connect and OAuth 2.0 support in Azure Active Directory.
Amazon earlier this week launched AWS Directory Service in an effort to nab a slice of Microsoft’s near ubiquitous claim on directory services in the enterprise.
Meanwhile, Salesforce lay down its identity challenge to Microsoft last year with launch of Salesforce Identity, which gave administrators directory services, user profile management, usage reports and dashboards and multi-factor authentication, while features for end users included single sign-on. Besides OpenID, it also supported other identity standards including SAML (Security Assertion Markup Language), OAuth, and SCIM (System for Cross-domain Identity Management.)
This article is brought to you by Enex TestLab, content directors for CSO Australia.