Federation between AWS Cognito — ForgeRock OpenAM using OpenID Connect (OIDC) & SAML

AWS Cognito is a fully managed service that provides a secure user directory that scales to hundreds of millions of users. It also provides sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers via SAML. Amazon Cognito also provides solutions to control access to backend AWS resources from your mobile or web app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user.