Vendia Single Sign-On (SSO)

UI SSO Authentication

Vendia can integrate with leading Identity Providers (IDPs) to authenticate users of the Vendia Web Application. Please contact your Vendia Solutions Architect (SA) for assistance with enabling SSO on your account.

Workspace SSO Authentication

Each workspace in a Vendia Share project has built-in solutions for common identity and authentication patterns, including cloud-based application integration, mobile and web end users, and integration with third party Identity Providers (IDPs). Each workspace’s settings, including identity and authentication settings, are independent of all other workspaces. They are under the exclusive control of the workspace’s owner.

Use an IAM Identity

By setting the workspace’s authorizerType to “IAM”, the owner of a workspace can restrict access to a specific set of Cloud Service Provider (CSP) accounts. The permitted accounts are listed as an array in the allowedAccounts field, and all communication with the workspace is limited to that list of accounts. Because each workspace’s settings are independent, other workspaces can be configured for the same accounts, for different accounts, or with an entirely different identity solution. This type of authentication is ideal for workspaces that primarily interface with other backend systems.

Use OIDC Integration

Set the authorizerType of an AWS-based workspace to “COGNITO” and the authorizerArn field to the ARN of an existing Amazon Cognito user pool configured for OpenID Connect (OIDC). For more information on configuring an Amazon Cognito User Pool for OpenID Connect (OIDC), see Amazon Cognito User Pool for OpenID Connect (OIDC).

SSO “Login with Google” or “Login with Facebook” on an AWS-based Workspace

Set the authorizerType of an AWS-based workspace to “COGNITO” and the authorizerArn field to the ARN of an existing Amazon Cognito user pool configured for a social Identity Provider (IDP). For more information on configuring an Amazon Cognito User Pool for social Identity Provider (IDP), see Amazon Cognito User Pool for social Identity Provider (IDP).

SAML Integration

Set the authorizerType of an AWS-based workspace to “COGNITO” and the authorizerArn field to the ARN of an existing Amazon Cognito user pool configured for Security Assertion Markup Language (SAML) integration. For more information on configuring an Amazon Cognito User Pool with SAML providers, see Amazon Cognito User Pool with SAML providers.

Frequently Asked Questions

I already have my existing web/mobile end users in an Amazon Cognito user pool; can I simply attach that to the workspace?

Set the authorizerType of an AWS-based workspace to “COGNITO” and the authorizerArn field to the ARN of your existing Amazon Cognito user pool to “bring your own” users to the workspace.

I want to support web or mobile users attaching to my workspace, but I don’t have an existing Cognito user pool for them. Is there an easy way to get started if I don’t want to manage that myself?

Set the authorizerType of an AWS-based workspace to “COGNITO” but leave the authorizerArn field unspecified. Vendia Share will supply and manage a Cognito User Pool on your behalf.

I have custom logic, such as Okta or Auth0 integration, that I’d like to use for authentication and authorization in a workspace. How can I use that?

Set the authorizerType of an AWS-based workspace to “CUSTOM” and the authorizerArn field to the ARN of an AWS Lambda function acting as a custom authorizer. You can use arbitrary code in that function to implement your authentication and authorization strategy based on the incoming API request, including its headers.
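The settings described on this page can be checked for consistency before they are applied. The following is an added example, not Vendia's own code: it assumes a workspace's settings are available as a dictionary with the authorizerType, authorizerArn and allowedAccounts fields named above, covers only the IAM, COGNITO and CUSTOM types, and uses constructed sample values.

```python
import re

# Standard AWS ARN shapes for the two resource kinds the page names.
COGNITO_POOL_ARN = re.compile(
    r"^arn:aws[\w-]*:cognito-idp:[a-z0-9-]+:\d{12}:userpool/[\w-]+$")
LAMBDA_FN_ARN = re.compile(
    r"^arn:aws[\w-]*:lambda:[a-z0-9-]+:\d{12}:function:[\w-]+(:[\w$-]+)?$")


def check_workspace_auth(settings):
    """Return findings for one workspace's settings dict (empty list = consistent)."""
    findings = []
    auth_type = settings.get("authorizerType")
    arn = settings.get("authorizerArn")
    accounts = settings.get("allowedAccounts")

    if auth_type == "IAM":
        # The restriction is defined by this list, so it must be populated.
        if not isinstance(accounts, list) or not accounts:
            findings.append("IAM: allowedAccounts must be a non-empty array")
        elif any(not isinstance(a, str) or not a.strip() for a in accounts):
            findings.append("IAM: allowedAccounts has an empty or non-string entry")
    elif auth_type == "COGNITO":
        # A missing authorizerArn is valid: Vendia Share then manages the pool.
        if arn and not COGNITO_POOL_ARN.match(str(arn)):
            findings.append("COGNITO: authorizerArn is not a Cognito user pool ARN")
    elif auth_type == "CUSTOM":
        if not arn:
            findings.append("CUSTOM: authorizerArn (Lambda function ARN) is missing")
        elif not LAMBDA_FN_ARN.match(str(arn)):
            findings.append("CUSTOM: authorizerArn is not a Lambda function ARN")
    else:
        findings.append(f"authorizerType {auth_type!r} is not covered by this check")

    # The page describes allowedAccounts only for IAM; flag it under other types.
    if auth_type != "IAM" and accounts:
        findings.append("allowedAccounts is set but authorizerType is not IAM")
    return findings


# Constructed sample settings (placeholder account IDs and names, not real resources).
SAMPLES = {
    "backend": {"authorizerType": "IAM", "allowedAccounts": []},
    "web": {"authorizerType": "COGNITO",
            "authorizerArn": "arn:aws:lambda:us-east-1:123456789012:function:auth"},
    "managed": {"authorizerType": "COGNITO"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, check_workspace_auth(cfg) or "ok")
```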