Nexus Hub & AWS Cognito & Okta
Please contact Nexus Support at support@nexuscenter.io to request your tenant-specific data set
Log in to Okta, select Applications in the menu bar on the left, then click Applications.
Select the “Create App integration” button.
Select SAML 2.0 and click Next.
Give the app a name, add a logo if you prefer, and click Next.
Enter the domain name from the Cognito pool followed by /saml2/idpresponse.
Make sure the checkbox “Use this for Recipient URL and Destination URL” is unchecked.
Fill in the following:
- Single sign on URL: https://<tenant-alias>.hub.nexuscenter.io/platform
- Recipient URL (the Cognito domain name from the previous step): https://<cognito-domain-name>.auth.us-west-2.amazoncognito.com/saml2/idpresponse
- Destination URL: https://<tenant-alias>.hub.nexuscenter.io/platform
Enter the Audience URI (SP Entity ID) as urn:amazon:cognito:sp: followed by the Cognito Pool ID.
Configure the following to match:
a. Name ID Format = EmailAddress
b. Application username = Email
c. Update application username on = Create and Update
Attribute Statements (optional) should match the following:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress = user.email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname = user.firstName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname = user.lastName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name = user.displayName
Click Next.
Select the “I’m an Okta customer adding an internal app” check box and click Finish.
Right-click the “Identity Provider metadata” link, choose Copy Link Address, and share the link with Nexus for the Cognito Pool SSO configuration.
Click the Assignments tab and add the Users & Groups on the customer’s side that need access to the application.
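The script below is an added example, not part of these instructions and not Nexus's, Okta's or AWS's own tooling. It does two things a practitioner would want before sharing the metadata link: it compares the values typed into the Okta SAML wizard against the requirements in the steps above (Single sign on, Recipient and Destination URLs, Audience URI, Name ID format, username settings, the unchecked checkbox and the four attribute statements), and it parses an Identity Provider metadata document to confirm it carries the entityID, the HTTP-POST SSO endpoint, a signing certificate and the emailAddress NameID format that the Cognito side relies on. The tenant alias, Cognito domain, pool ID, metadata XML and certificate are constructed placeholders, and the `settings` dictionary keys are assumed names that mirror the wizard fields.

```python
"""Check the Okta SAML wizard values against the steps above and parse the Okta
"Identity Provider metadata" document that gets shared with Nexus for the Cognito pool.
Added example; every tenant value, the metadata XML and its certificate are constructed."""
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Attribute Statements the steps above ask for (claim name -> Okta profile attribute).
EXPECTED_CLAIMS = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "user.email",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "user.firstName",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "user.lastName",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "user.displayName",
}

def cognito_acs_url(cognito_domain, region):
    """Cognito's SAML response endpoint: the pool domain followed by /saml2/idpresponse."""
    return f"https://{cognito_domain}.auth.{region}.amazoncognito.com/saml2/idpresponse"

def cognito_audience(pool_id):
    """Audience URI (SP Entity ID): urn:amazon:cognito:sp: followed by the pool ID."""
    return f"urn:amazon:cognito:sp:{pool_id}"

def check_app_settings(settings, *, tenant_alias, cognito_domain, region, pool_id):
    """Return mismatches between wizard values (assumed key names) and the steps; [] means all match."""
    problems = []
    platform_url = f"https://{tenant_alias}.hub.nexuscenter.io/platform"
    expected = {
        "single_sign_on_url": platform_url,
        "recipient_url": cognito_acs_url(cognito_domain, region),
        "destination_url": platform_url,
        "audience_uri": cognito_audience(pool_id),
        "name_id_format": "EmailAddress",
        "application_username": "Email",
        "update_application_username_on": "Create and Update",
    }
    for field, want in expected.items():
        if settings.get(field) != want:
            problems.append(f"{field}: expected {want!r}, got {settings.get(field)!r}")
    # The checkbox must stay unchecked, or Recipient/Destination cannot differ from the SSO URL.
    if settings.get("use_for_recipient_and_destination", False):
        problems.append("'Use this for Recipient URL and Destination URL' must be unchecked")
    statements = settings.get("attribute_statements", {})
    for claim, attr in EXPECTED_CLAIMS.items():
        if statements.get(claim) != attr:
            problems.append(f"attribute statement {claim} should map to {attr}")
    return problems

def parse_idp_metadata(xml_text):
    """Extract entityID, the HTTP-POST SSO endpoint, signing cert(s) and NameID support from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute means signing and encryption
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            certs.append(re.sub(r"\s+", "", cert.text))  # base64 DER with line breaks removed
    formats = [n.text.strip() for n in idp.findall("md:NameIDFormat", NS) if n.text]
    return {
        "entity_id": root.get("entityID"),
        "sso_post_url": sso.get(HTTP_POST),
        "signing_certs": certs,
        "supports_email_name_id": EMAIL_NAMEID in formats,
    }

# Constructed sample data: a wizard filled in as the steps describe, and a placeholder
# metadata document in the shape Okta publishes (the certificate value is fake).
SAMPLE_SETTINGS = {
    "single_sign_on_url": "https://acme.hub.nexuscenter.io/platform",
    "recipient_url": "https://acme-auth.auth.us-west-2.amazoncognito.com/saml2/idpresponse",
    "destination_url": "https://acme.hub.nexuscenter.io/platform",
    "use_for_recipient_and_destination": False,
    "audience_uri": "urn:amazon:cognito:sp:us-west-2_EXAMPLEID",
    "name_id_format": "EmailAddress", "application_username": "Email",
    "update_application_username_on": "Create and Update",
    "attribute_statements": dict(EXPECTED_CLAIMS),
}
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exk0000000000EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>MIIC
      PLACEHOLDERCERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://acme.okta.com/app/acme_nexus/exk0000000000EXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    issues = check_app_settings(SAMPLE_SETTINGS, tenant_alias="acme", cognito_domain="acme-auth",
                                region="us-west-2", pool_id="us-west-2_EXAMPLEID")
    print("wizard settings OK" if not issues else "\n".join(issues))
    print(parse_idp_metadata(SAMPLE_METADATA))
```

Run it against the real metadata by fetching the copied link and passing the XML text to `parse_idp_metadata`; an empty `signing_certs` list or a missing HTTP-POST endpoint means the document is not usable for the Cognito pool, and any non-empty result from `check_app_settings` points at the wizard field to correct before sharing.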