# Cognito

If you have an existing user credential base using Amazon Cognito you may re-use that user base and let your existing users single sign on to ngSurvey using their Cognito credentials.&#x20;

## Cognito Configuration

The following steps will show you how to configure a new Cognito application working with ngSurvey.&#x20;

In your existing user pool go to the App Integration tab

![](/files/Aga4SXCzEbCiD1dkqgLN)

If you didn't setup a domain yet setup either a Cognito Domain or a custom domain.

.![](/files/Tw7uI7FfBWG8HTHfs0MB)

Create a new application client, the client application must be a Public client have its Client secret set as following:

![](/files/XcXXVYagnw8WgfpF8bAC)

You will also need to set a callback URL that will redirect back to your ngSurvey site's login page.

![](/files/fezmVc0jMHmVGZoOayRL)

Make sure that the OpenID scopes Email and Profile are set

![](/files/Y1cEkgzMRzfClk1DSgVi)

Once this is done create the application client

## NGSurvey Configuration

In order to setup Cognito in ngSurvey you will need the application Client ID and the Issuer. The client Id can be found in your App Client list.

![](/files/jwbyCSVi8aGeCby5eFTP)&#x20;

The Issuer URL is composed of the User PoolID and the Zone (eg: eu-central-1) in which the pool is running eg:

`https://cognito-idp.[ZONE].amazonaws.com/[PoolID]`

The user pool id can be found from your pool overview screen.

![](/files/e5UgFkqDaLGg63vOJKOj)

Once you have gathered both properties you can set them in OpenID tab of the system / settings page of ngSurvey

![](/files/OPdK66EfyvMfKiiXFG8F)

That's it! ngSurvey is now configured to single sign on your existing Cognito users along the built in ngSurvey users.

{% hint style="danger" %}
If you turn single sign-on on make sure to first log with an Cognito account and assign this account admin privileges or [roles](/multi-user-management/roles.md) in ngSurvey from the [user](/multi-user-management/users.md) access control. &#x20;
{% endhint %}

{% hint style="info" %}
Using the auto-link property on [roles](/multi-user-management/roles.md) and [groups](/multi-user-management/groups.md) you can automatically map a role or a group to each new Cognito user that is connecting to ngSurvey.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ngsurvey.com/installation-setup/installation/amazon-web-services/cognito.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.