# Cognito If you have an existing user credential base using Amazon Cognito you may re-use that user base and let your existing users single sign on to ngSurvey using their Cognito credentials. ## Cognito Configuration The following steps will show you how to configure a new Cognito application working with ngSurvey. In your existing user pool go to the App Integration tab ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2FmYljTi8DKqlW6FT04Kqm%2Fimage.png?alt=media\&token=ada5f93f-e5d7-4ff1-b743-91f24364ec53) If you didn't setup a domain yet setup either a Cognito Domain or a custom domain. .![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2FAXCOnsoO4AMHPnjpiQUC%2Fimage.png?alt=media\&token=6bb5edd5-de3b-4315-8370-b76166f5d8a3) Create a new application client, the client application must be a Public client have its Client secret set as following: ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2FmP7iUdkNcvsQy9MA9LR0%2Fimage.png?alt=media\&token=b21b617b-a060-4f5f-911a-b7533287f634) You will also need to set a callback URL that will redirect back to your ngSurvey site's login page. ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2FV1gsLzDGvLR5kscLwz9a%2Fimage.png?alt=media\&token=9c451b0c-d22d-4ea2-8e37-4df40004540f) Make sure that the OpenID scopes Email and Profile are set ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2F7NJjpgpwlyIoHZFV5Iu4%2Fimage.png?alt=media\&token=d9002e3a-126d-42e5-9d08-a9ae657dff77) Once this is done create the application client ## NGSurvey Configuration In order to setup Cognito in ngSurvey you will need the application Client ID and the Issuer. The client Id can be found in your App Client list. ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2Fix0shjFRN2L3PJ8fGI15%2Fimage.png?alt=media\&token=61b395be-cec7-4f00-bcd7-f84a8c7ed655) The Issuer URL is composed of the User PoolID and the Zone (eg: eu-central-1) in which the pool is running eg: `https://cognito-idp.[ZONE].amazonaws.com/[PoolID]` The user pool id can be found from your pool overview screen. ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2FQJPpjJbN7FFALCarvXUL%2Fimage.png?alt=media\&token=f11fa349-f4c1-4e1a-943d-bfdfdd26e1c1) Once you have gathered both properties you can set them in OpenID tab of the system / settings page of ngSurvey ![](https://1025048312-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M8fLhS0bmfBRyq0HdUm%2Fuploads%2FkibiLLvaVTVh3ZECrjnb%2Fimage.png?alt=media\&token=14e94ce1-65f7-4f85-a354-55484ee5131f) That's it! ngSurvey is now configured to single sign on your existing Cognito users along the built in ngSurvey users. {% hint style="danger" %} If you turn single sign-on on make sure to first log with an Cognito account and assign this account admin privileges or [roles](https://docs.ngsurvey.com/multi-user-management/roles) in ngSurvey from the [user](https://docs.ngsurvey.com/multi-user-management/users) access control. {% endhint %} {% hint style="info" %} Using the auto-link property on [roles](https://docs.ngsurvey.com/multi-user-management/roles) and [groups](https://docs.ngsurvey.com/multi-user-management/groups) you can automatically map a role or a group to each new Cognito user that is connecting to ngSurvey. {% endhint %}