
Clarification Needed on IAM Identity Center Configuration Step in CDK Deployment (Step 2) #8

Open
sathish0804 opened this issue Oct 10, 2024 · 1 comment

Comments

@sathish0804

Hello,

I am working through the steps for configuring IAM Identity Center in a deployment that involves SAML integration with Amazon Cognito, following the CDK deployment. Specifically, I am referring to Step 2: Configure IAM Identity Center. I have some questions regarding why the application setup, metadata configuration, and attribute mappings (for subject and email) are needed in this context.

Steps Involved:
Adding a custom SAML 2.0 application in IAM Identity Center.
Manually configuring the Application Assertion Consumer Service (ACS) URL and SAML Audience.
Mapping the following attributes:
Subject: Maps to ${user:subject} with Persistent format.
Email: Maps to ${user:email} with Basic format.
Questions:
Purpose of Custom SAML Setup: Why is it necessary to configure a custom SAML 2.0 application in IAM Identity Center for the initial deployment, particularly when dealing with the Cognito user pool?

[screenshot]
While opening the SAML 2.0 application, it is showing:
[screenshot]

@johnrotach
Contributor

Hi, yep, I can help explain. DataZone makes use of IAM Identity Center for its identity provider. The solutions guidance makes use of Cognito for auth for the API for registering assets (via API Gateway). We wanted to be able to federate the identities used for DataZone so that the API could use the same identities, so we configured this integration.
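As an added example (not code from the original issue or from the project's own repository), a small Python checker for the values the Step 2 configuration in the question produces in an assertion and that the federation described in the reply depends on: the Cognito SP audience, the persistent subject NameID and the basic-format email attribute. The user pool id, hosted-UI domain and the assertion itself are constructed sample values.

```python
# Added example (not code from the original issue or the project): a small
# checker that validates the fields a SAML assertion from IAM Identity Center
# must carry for Amazon Cognito to accept it: the Audience must equal the
# Cognito SP entity id for the user pool, the Subject NameID must use the
# persistent format, and an "email" attribute in basic name format must be
# present. The user pool id and the assertion below are constructed samples.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

def cognito_audience(user_pool_id: str) -> str:
    """SAML Audience (SP entity id) that Cognito expects for a user pool."""
    return f"urn:amazon:cognito:sp:{user_pool_id}"

def cognito_acs_url(user_pool_domain: str) -> str:
    """ACS URL Cognito exposes; the domain is the pool's hosted-UI domain."""
    return f"https://{user_pool_domain}/saml2/idpresponse"

def check_assertion(xml_text: str, user_pool_id: str) -> list:
    """Return a list of problems; an empty list means the assertion matches."""
    problems = []
    root = ET.fromstring(xml_text)
    aud = root.find(".//saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or aud.text != cognito_audience(user_pool_id):
        problems.append("audience does not match the Cognito user pool")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("subject NameID is missing or not persistent")
    email = None
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "email" and attr.get("NameFormat") == BASIC:
            email = attr.find("saml:AttributeValue", NS)
    if email is None or not email.text:
        problems.append("email attribute (basic name format) is missing")
    return problems

# Constructed sample assertion (unsigned, trimmed to the checked elements).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-1</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>urn:amazon:cognito:sp:us-east-1_EXAMPLE</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Signature verification is deliberately out of scope here; Cognito performs it against the IdP metadata, and this check only covers the fields the Step 2 mappings control.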
