
Creating a Custom Cognito User Pool and Domain

A quick walkthrough demonstrating the creation of a custom user pool and domain using AWS Cognito. These cloud resources are the prerequisites for creating a Kaleido Enterprise Org.


  1. Log into your AWS account and navigate to the Cognito service.
  2. Click the Manage User Pools button to create the custom user pool. If you have no existing user pools, follow the "click here to create a user pool" hyperlink to generate your first pool.
  3. If you prefer to leverage an existing user pool, it must be edited to require email as the username attribute. The email field is stored against the Enterprise Organization resource on the Kaleido side, ensuring that only authenticated and invited users can access the org. Invited members, identified via an email address, access the Kaleido Enterprise Organization through its unique login URL that ultimately redirects to the chosen Identity Provider schema within the Cognito user pool. The “Configuring an External Identity Provider & Logging into your Enterprise Org” tutorial expands on Identity Providers and demonstrates an example flow using Google Sign In. Refer to the approach in step 5 for adding the email attribute to an existing pool.
  4. Supply a name for your user pool in the Pool name box and select Review defaults as the method for pool creation.
  5. Before finalizing the pool, you need to specify email addresses as the required sign-in attribute. Click the Attributes tab in the left-hand navigation panel to view the available sign-in approaches. In the "How do you want your end users to sign in?" section, select the Email address or phone number option. Make sure the Allow email addresses field is enabled. In the "Which standard attributes do you want to require?" section, select email as your required attribute. Click Next Step at the bottom of the screen to save these configurations.
  6. Next, click the App clients tab in the left-hand navigation panel to create an application client for the pool. Click the Add an app client hyperlink to provision the client credentials. The credentials are visible once the pool has been created.
  7. Supply a name for the app client in the App client name box and leave the Generate client secret option enabled. Kaleido needs both the client ID and secret in order to securely communicate with your Cognito pool. Click the Create app client button to finish.
  8. On the new screen click the Return to pool details hyperlink to review your settings. Ensure that email is present for the Required attributes and Username attributes fields. Click the Create pool button at the bottom of the screen to finalize your custom Cognito pool.
  9. Lastly, provision a domain for the Cognito enterprise sign-in. Click the Domain name tab in the left-hand navigation and supply a prefix for the Amazon Cognito domain. Click the Check availability button to make sure the domain is available. Click Save changes to save your domain.
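
The check in step 8, together with the client secret from step 7 and the domain from step 9, can also be run against the pool's API description, which is useful when reusing an existing pool. This is an added example, not Kaleido's or AWS's own code; the function names `audit_pool` and `fetch` and the sample dictionaries are constructed for illustration.

```python
"""Audit a Cognito user pool against the settings this walkthrough requires."""


def audit_pool(pool, app_client):
    """Return a list of findings; an empty list means the pool matches the guide.

    `pool` is the "UserPool" object from DescribeUserPool and `app_client` is
    the "UserPoolClient" object from DescribeUserPoolClient.
    """
    findings = []
    if "email" not in pool.get("UsernameAttributes", []):
        findings.append("email is not a username (sign-in) attribute")
    required = {a["Name"] for a in pool.get("SchemaAttributes", []) if a.get("Required")}
    if "email" not in required:
        findings.append("email is not a required standard attribute")
    # Only test for presence; the secret itself is never logged or returned.
    if not app_client.get("ClientSecret"):
        findings.append("app client was created without a client secret")
    if not (pool.get("Domain") or pool.get("CustomDomain")):
        findings.append("no sign-in domain is provisioned for the pool")
    return findings


def fetch(pool_id, client_id, region):
    """Read the live configuration; needs boto3 and AWS credentials."""
    import boto3  # imported here so the offline samples below run without it
    idp = boto3.client("cognito-idp", region_name=region)
    pool = idp.describe_user_pool(UserPoolId=pool_id)["UserPool"]
    client = idp.describe_user_pool_client(UserPoolId=pool_id, ClientId=client_id)
    return pool, client["UserPoolClient"]


# Constructed sample data shaped like the API responses (not real resources).
GOOD_POOL = {
    "UsernameAttributes": ["email"],
    "SchemaAttributes": [{"Name": "email", "Required": True}],
    "Domain": "example-prefix",
}
GOOD_CLIENT = {"ClientId": "example-client-id", "ClientSecret": "example-secret"}
BAD_POOL = {
    "UsernameAttributes": ["phone_number"],
    "SchemaAttributes": [{"Name": "email", "Required": False}],
}
BAD_CLIENT = {"ClientId": "example-client-id"}

if __name__ == "__main__":
    for name, args in (("good", (GOOD_POOL, GOOD_CLIENT)), ("bad", (BAD_POOL, BAD_CLIENT))):
        print(name, audit_pool(*args) or "OK")
```

To audit a real pool, pass the result of `fetch(pool_id, client_id, region)` to `audit_pool` with your own identifiers.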
