Prerequisites:

• AWS Cognito user pool

• SSO enabled in Mitzu

Steps:

1. Login to Mitzu and navigate to the 'Manage organisation' page. Once SSO is enabled the details of the integration can be configured:

2. Open the AWS Console and create a new app client to your AWS Cognito user pool, with the following settings:

   • Auth type: Confidential client

   • Allowed callback URLs: copy the entire value of the Redirect URL input from the Mitzu SSO settings

   • OAuth 2.0 grant types: Authorization code grant

   • OpenID connect scopes: Email must be selected

3. Configure the client settings on the Mitzu SSO page

   • Client ID, Client Secret values can be found on the app client settings page

   • Pool ID, AWS Region and AWS Cognito signing domain can be found on the user pool settings page

4. Click save

5. In a different browser (or in an incognito window) verify the login flow. If it is not working as expected then please supervise your settings or contact Mitzu Support.