Vendia Single Sign-On (SSO)
UI SSO Authentication
Vendia provides the ability to integrate leading Identity Providers (IDPs) to authenticate with the Vendia Web Application. Please contact your Vendia Solutions Architect (SA) for assistance with enabling SSO on your account.
Node SSO Authentication
Each node in a Vendia Share Uni has built-in solutions for common identity and authentication patterns, including cloud-based application integration, mobile and web end users, and integration with third party Identity Providers (IDPs). Each node’s settings, including identity and authentication settings, are independent of all other nodes. They are under the exclusive control of the node’s owner.
Use an IAM Identity
By setting the node’s authorizerType to “IAM”, the owner of a node can restrict access to a specific set of Cloud Service Provider (CSP) accounts. The permitted accounts are provided as an additional array in the allowedAccounts field, and all communication with the node will be limited to that list of accounts. Since each node’s settings are independent, other nodes can be configured for the same or different accounts, or can use entirely different identity solutions. This type of authentication is ideal for nodes that primarily interface with other backend systems.
Use OIDC Integration
Set the authorizerType of an AWS-based node to “COGNITO” and the authorizerArn field to the ARN of an existing Amazon Cognito user pool configured for OpenID Connect (OIDC). For more information on configuring an Amazon Cognito User Pool for OpenID Connect (OIDC), see Amazon Cognito User Pool for OpenID Connect (OIDC).
SSO “Login with Google” or “Login with Facebook” on an AWS-based Node
Set the authorizerType of an AWS-based node to “COGNITO” and the authorizerArn field to the ARN of an existing Amazon Cognito user pool configured for a social Identity Provider (IDP). For more information on configuring an Amazon Cognito User Pool for a social Identity Provider (IDP), see Amazon Cognito User Pool for social Identity Provider (IDP).
SAML Integration
Set the authorizerType of an AWS-based node to “COGNITO” and the authorizerArn field to the ARN of an existing Amazon Cognito user pool configured for Security Assertion Markup Language (SAML) integration. For more information on configuring an Amazon Cognito User Pool with SAML providers, see Amazon Cognito User Pool with SAML providers.
Frequently Asked Questions
I already have my existing web/mobile end users in an Amazon Cognito user pool; can I simply attach that to the node?
Set the authorizerType of an AWS-based node to “COGNITO” and the authorizerArn field to the ARN of your existing Amazon Cognito user pool to “bring your own” users to the node.
I want to support web or mobile users attaching to my node, but I don’t have an existing Cognito user pool for them. Is there an easy way to get started if I don’t want to manage that myself?
Set the authorizerType of an AWS-based node to “COGNITO” but leave the authorizerArn field unspecified. Vendia Share will supply and manage a Cognito User Pool on your behalf.
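The IAM and COGNITO settings above (including the two Cognito variants in this FAQ: bring your own user pool, or leave authorizerArn unset and let Vendia Share manage one) are easy to get subtly wrong before deployment, for example an allowedAccounts list that is empty or contains a mistyped account ID, or an authorizerArn that is not a Cognito user pool ARN. The following pre-deployment check is an added example and not Vendia’s own code or tooling. The field names authorizerType, allowedAccounts and authorizerArn are the ones this page names; the sample settings and the ARN/account formats it checks against are constructed from public AWS conventions (12-digit account IDs, arn:aws:cognito-idp:REGION:ACCOUNT:userpool/ID), and the rule that allowedAccounts has no place outside an IAM authorizer is this example’s own lint policy, not a documented Vendia behaviour.

```python
import re

# 12-digit AWS account ID (public AWS convention).
AWS_ACCOUNT_RE = re.compile(r"^\d{12}$")
# Cognito user pool ARN, e.g. arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_AbCdEfGhI
COGNITO_POOL_ARN_RE = re.compile(
    r"^arn:aws(?:-[a-z-]+)?:cognito-idp:[a-z0-9-]+:\d{12}:userpool/[A-Za-z0-9_-]+$"
)


def validate_auth_settings(auth: dict) -> list[str]:
    """Return a list of problems found in one node's authorizer settings.

    An empty list means the settings are consistent with the IAM / COGNITO
    shapes described on this page. This is a pre-deployment lint, not the
    platform's own validation.
    """
    problems: list[str] = []
    kind = auth.get("authorizerType")

    if kind == "IAM":
        accounts = auth.get("allowedAccounts")
        if not isinstance(accounts, list) or not accounts:
            problems.append("IAM authorizer requires a non-empty allowedAccounts list")
        else:
            seen = set()
            for acct in accounts:
                if not isinstance(acct, str) or not AWS_ACCOUNT_RE.match(acct):
                    problems.append(f"allowedAccounts entry is not a 12-digit AWS account ID: {acct!r}")
                elif acct in seen:
                    problems.append(f"allowedAccounts contains a duplicate: {acct}")
                seen.add(acct)
        if "authorizerArn" in auth:
            # Lint policy (assumption): an ARN on an IAM node is almost always a copy/paste leftover.
            problems.append("authorizerArn is set but authorizerType is IAM; remove one or the other")

    elif kind == "COGNITO":
        arn = auth.get("authorizerArn")
        if arn is None:
            # Leaving authorizerArn unset means Vendia Share supplies and manages a user pool.
            pass
        elif not isinstance(arn, str) or not COGNITO_POOL_ARN_RE.match(arn):
            problems.append(f"authorizerArn is not a Cognito user pool ARN: {arn!r}")
        if "allowedAccounts" in auth:
            # Lint policy (assumption): the page documents allowedAccounts for IAM only.
            problems.append("allowedAccounts is set on a COGNITO node; it is documented for IAM only")

    else:
        problems.append(f"unsupported or missing authorizerType: {kind!r}")

    return problems


# Constructed sample node settings (hypothetical values, not from any real Uni).
SAMPLE_NODES = {
    "backend-node": {"authorizerType": "IAM", "allowedAccounts": ["123456789012", "210987654321"]},
    "byo-users-node": {
        "authorizerType": "COGNITO",
        "authorizerArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_AbCdEfGhI",
    },
    "managed-users-node": {"authorizerType": "COGNITO"},
    "broken-node": {"authorizerType": "IAM", "allowedAccounts": ["12345678901", "123456789012", "123456789012"]},
}


def lint_nodes(nodes: dict) -> dict:
    """Map each node name to its list of problems, keeping only nodes with findings."""
    return {name: probs for name, auth in nodes.items() if (probs := validate_auth_settings(auth))}


if __name__ == "__main__":
    for name, probs in lint_nodes(SAMPLE_NODES).items():
        for p in probs:
            print(f"{name}: {p}")
```

Run it over the node settings of a registration file before registering or updating the Uni; the three well-formed sample nodes produce no findings, while broken-node reports an 11-digit account ID and a duplicate entry.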
I have custom logic, such as Okta or Auth0 integration, that I’d like to use for authentication and authorization in a node. How can I use that?
Set the authorizerType of an AWS-based node to “CUSTOM” and the authorizerArn field to the ARN of an AWS Lambda function acting as a custom authorizer. You can use arbitrary code in that function to implement your authentication and authorization strategy based on the incoming API request, including its headers.