Integrating Office 365 Logon

Hi, I’d be interested in how I can integrate Office 365 Login - either from Cognito or somehow from the outside. I wouldn’t like to use SAML and handle the password, but rather OAuth…


Figured it out after reading 20+ blog posts and wading through tons of obstacles :)

Cognito SSO works with both SAML and OIDC (OpenID Connect).

The best description on using SAML was this one:

It is slightly outdated though:

  • No need for PowerShell, the UI accepts the URLs now
  • It doesn’t say what you need to do in the frontend; more on that later

The best help for doing it with OIDC is found here:

But I’ll restate the most important steps:

  • From Cognito / User Pool / Federation / Identity Providers add an OpenID Connect Provider
  • Provider Name can be any name
  • Client ID is the GUID of the AzureAD Application
  • Client Secret you have to create from your AD application's Certificates and secrets section
  • Authorization scope should be: openid email
  • The issuer in my case is (The Tenant or Directory GUID you can also find from your AD application overview)
  • Then hit Run discovery

Now you need to enable the provider in your Cognito App Client.

When the authentication is successful, your React-App is opened on the configured call-back URL. In order to get Amplify to give you an authorized session, you need to run this code:

```js
// Hand the ID token from the callback URL to Amplify
await Auth.federatedSignIn(
  { token: id_token, expires_at: expires_in }
);
```

For now I just handle things from Login.js. Hopefully I’ll find time to refactor

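```js
useEffect(() => {
  async function onLoad() {
    // The tokens arrive in the URL fragment of the callback URL
    const { access_token, id_token, expires_in } = qs.parse(window.location.hash);
    try {
      await Auth.federatedSignIn(
        { token: id_token, expires_at: expires_in }
      );
    } catch (e) {
      // error handling is not shown in the post
    }
  }

  onLoad();
}, []);
```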

For query string parsing I use

```js
import qs from "query-string";
```

which you’ll have to import using npm install query-string.

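A defensive take on the callback handling in the post above, added here as an example and not part of the original post: it reads the fragment with the built-in `URLSearchParams`, converts `expires_in` into an absolute expiry, and sanity-checks the ID token's claims before the token is passed on. It assumes the tokens in the callback are issued by the Cognito user pool; `parseCallback`, `checkIdToken`, `makeSampleToken` and the issuer and client ID values are constructed for illustration, and signature verification against the pool's JWKS is not shown.

```javascript
// Added example, not from the original post. Helper names and the issuer and
// client ID values are constructed placeholders.

// Read the response that arrives in the callback URL fragment.
function parseCallback(hash, now = Date.now()) {
  const p = new URLSearchParams(hash.replace(/^#/, ""));
  if (p.has("error")) throw new Error("sign-in failed: " + p.get("error"));
  const idToken = p.get("id_token");
  const expiresIn = Number(p.get("expires_in"));
  if (!idToken || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error("callback is missing id_token or expires_in");
  }
  // expires_in is a lifetime in seconds; turn it into an absolute time in ms.
  return { idToken, expiresAt: now + expiresIn * 1000 };
}

// Decode the JWT payload and check its claims. Sanity check only: it does NOT
// verify the signature, which requires the user pool's JWKS.
function checkIdToken(idToken, { issuer, clientId }, now = Date.now()) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  const claims = JSON.parse(new TextDecoder().decode(bytes));
  if (claims.token_use !== "id") throw new Error("not an ID token");
  if (claims.iss !== issuer) throw new Error("unexpected issuer");
  if (claims.aud !== clientId) throw new Error("issued to another client");
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) {
    throw new Error("token expired");
  }
  return claims;
}

// Constructed sample data: an unsigned token carrying placeholder values.
const expected = {
  issuer: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE",
  clientId: "example-app-client-id",
};
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-")
    .replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed`;
}
const sampleNow = Date.UTC(2024, 0, 1);
const sampleToken = makeSampleToken({ token_use: "id", iss: expected.issuer,
  aud: expected.clientId, exp: sampleNow / 1000 + 3600, email: "user@example.com" });
const sample = parseCallback(`#id_token=${sampleToken}&expires_in=3600`, sampleNow);
console.log(checkIdToken(sample.idToken, expected, sampleNow).email);
```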

Thank you for this! I know these are really hard to get working.