Step 4: Integrate with your Cognito user pool (Amazon Cognito MFA Application)

When you create an "Amazon Cognito MFA Application", a tab named "Cognito Integration" is created. Open the tab to see a short guide on how to integrate this application with your user pool in Amazon Cognito.
First, click the "Deploy" button.

You are directed to your AWS account, and after you log in, you'll see a "Create stack" page. This stack installs Lambda functions in your AWS account to authenticate with Biopass.
All fields are prepopulated for you; however, you may want to change "Region". Then click "Create stack".

After you click the button, installation of the Lambda functions starts. Please wait until every status turns to "CREATE_COMPLETE".

When all Lambda functions have been created successfully, go to the user pool in Cognito that you want to integrate with Biopass. Switch to the "App integration" tab and scroll down to "App client list". You should be able to see "ALLOW_CUSTOM_AUTH" in the "App client information" box.
If you do not see this line in the app client information, click the "Edit" button, choose "ALLOW_CUSTOM_AUTH" from the drop-down menu under "Authentication flows", and save.

Now that you are sure "ALLOW_CUSTOM_AUTH" is chosen, return to your user pool and switch to the "User pool properties" tab. You should be able to see a button named "Add Lambda trigger" in the "Lambda triggers" box. Click the button.

On the page that opens, choose "Custom authentication", and for each Lambda trigger choose the appropriate Lambda function from the drop-down menu:
Define auth challenge -> truuth-biopass-cognito-define-challenge
Create auth challenge -> truuth-biopass-cognito-create-challenge
Verify auth challenge -> truuth-biopass-cognito-verify-challenge

Finally, when you return to the "User pool properties" tab, you will see the Lambda triggers you added.

🚧

Limitation on AWS Cognito user pools

Please be aware that this version of Biopass does not support Cognito user pools that can use a phone number as the username. Likewise, Biopass does not support integrating with Cognito user pools that have case-sensitive usernames.
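
To check the result of the steps above, and the two limitations, without clicking through the console, this added example (not part of the Biopass documentation) audits the JSON returned by "aws cognito-idp describe-user-pool" and "aws cognito-idp describe-user-pool-client". The sample documents, region and account ID are constructed, and mapping the phone-number limitation to the "UsernameAttributes" field is an assumption.

```python
# Added example: audit a Cognito user pool after the integration steps.
# Inputs are the parsed JSON documents from describe-user-pool and
# describe-user-pool-client. Trigger-to-function mapping is taken from the guide.
EXPECTED_TRIGGERS = {
    "DefineAuthChallenge": "truuth-biopass-cognito-define-challenge",
    "CreateAuthChallenge": "truuth-biopass-cognito-create-challenge",
    "VerifyAuthChallengeResponse": "truuth-biopass-cognito-verify-challenge",
}

def audit(pool_doc, client_doc):
    """Return a list of findings; an empty list means the setup matches the guide."""
    pool = pool_doc.get("UserPool", {})
    client = client_doc.get("UserPoolClient", {})
    findings = []
    if "ALLOW_CUSTOM_AUTH" not in client.get("ExplicitAuthFlows", []):
        findings.append("app client: ALLOW_CUSTOM_AUTH is not enabled")
    triggers = pool.get("LambdaConfig", {})
    for key, fn_name in EXPECTED_TRIGGERS.items():
        # Lambda ARN: arn:aws:lambda:<region>:<account>:function:<name>[:<qualifier>]
        parts = triggers.get(key, "").split(":")
        name = parts[6] if len(parts) > 6 else None
        if name != fn_name:
            findings.append(f"trigger {key}: expected {fn_name}, found {name or 'nothing'}")
    # Assumption: "phone number as username" corresponds to UsernameAttributes.
    if "phone_number" in pool.get("UsernameAttributes", []):
        findings.append("user pool: phone number can be used as username (unsupported)")
    # Only an explicit CaseSensitive=true is flagged; a missing key is not judged.
    if pool.get("UsernameConfiguration", {}).get("CaseSensitive") is True:
        findings.append("user pool: usernames are case sensitive (unsupported)")
    return findings

# Constructed sample data (placeholder region and account ID).
_ARN = "arn:aws:lambda:ap-southeast-2:111122223333:function:"
GOOD_POOL = {"UserPool": {
    "LambdaConfig": {k: _ARN + v for k, v in EXPECTED_TRIGGERS.items()},
    "UsernameAttributes": ["email"],
    "UsernameConfiguration": {"CaseSensitive": False}}}
GOOD_CLIENT = {"UserPoolClient": {
    "ExplicitAuthFlows": ["ALLOW_CUSTOM_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]}}
BAD_POOL = {"UserPool": {
    "LambdaConfig": {  # create trigger points at the wrong function, verify is missing
        "DefineAuthChallenge": _ARN + "truuth-biopass-cognito-define-challenge",
        "CreateAuthChallenge": _ARN + "truuth-biopass-cognito-define-challenge"},
    "UsernameAttributes": ["phone_number"],
    "UsernameConfiguration": {"CaseSensitive": True}}}
BAD_CLIENT = {"UserPoolClient": {"ExplicitAuthFlows": ["ALLOW_USER_SRP_AUTH"]}}

if __name__ == "__main__":
    for finding in audit(BAD_POOL, BAD_CLIENT):
        print(finding)
```

With real data, load the two CLI outputs with json.load and pass them to audit() in the same order.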