<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009qZMSoCAOOkta Classic EngineOkta Integration NetworkAnswered2023-12-13T02:36:20.000Z2023-12-11T22:56:04.000Z2023-12-13T02:36:20.000Z

User16784855397918858355 (Customer) asked a question.

December 11, 2023 at 10:56 PM
Pass Username from Cognito to Okta using SAML integration

We have configured AWS Cognito to use Okta as a "Federated identity provider sign-in" using SAML. Cognito uses the User's email address to determine which Okta IdP to utilize. Since the user has already entered their email address, we would like to update our Cognito (XML) "Metadata document" to pass the user's email address to Okta as the username so that the user is not required to enter their email twice.

 

I have found similar questions (e.g., https://support.okta.com/help/s/question/0D50Z00008G7UyqSAF/pass-username?language=en_US&t=1702334131346), but none which answer how to do this.

  • 2 answers
  • 782 views
nbd0s likes this.

  • Mihai N. (Okta, Inc.)

    Hi @User16784855397918858355 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    I’ve looked into this and as far as I’ve been able to find there’s no out-of-the-box solution. I’ve only seen reports where the username(or email in your case) could perhaps be sent as login_hint or Subject tag in the SAMLRequest for Okta to pre-populate the username, but this with mixed results. The configuration would have to be done on the app side. 

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Ask Away: OIG Product Experts Answer Your Questions Thru Thur., Dec 14

    Expand Post
    Selected as Best

  • User16784855397918858355 (Customer)

    I have found a work around solution. If the User utilizes the same password for both their Cognito account and their Okta account and then logs into their Cognito account, Cognito will pass along the User's credentials (username/password combination) to Okta and successfully authenticate the user.

     

    We would still like to be able to somehow prepopulate the username (a.k.a. email address) field on the Okta sign in dialog box because the above approach does require reusing passwords which is not a Best Practice.

    Expand Post

  • Mihai N. (Okta, Inc.)

    Hi @User16784855397918858355 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    I’ve looked into this and as far as I’ve been able to find there’s no out-of-the-box solution. I’ve only seen reports where the username(or email in your case) could perhaps be sent as login_hint or Subject tag in the SAMLRequest for Okta to pre-populate the username, but this with mixed results. The configuration would have to be done on the app side. 

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Ask Away: OIG Product Experts Answer Your Questions Thru Thur., Dec 14

    Expand Post
    Selected as Best
This question is closed.
Loading
Pass Username from Cognito to Okta using SAML integration