In the last few weeks, I was involved in multiple opportunities on Microsoft Azure and Amazon, where we had to analyse AWS Cognito, Azure AD and other solutions that are available on the market. I decided to consolidate in one post all the features and differences that I identified for both of them and that we need to take into account.
Keep in mind that Azure AD is an identity and access management service that is well integrated with the Microsoft stack. In comparison, AWS Cognito is just a user sign-up, sign-in and access control service and nothing more.
The focus is not on the main features but on the small things that can make a difference when we decide where we want to store and manage our users.
This information might be useful in the future when we need to decide where we want to keep and manage our users.

| | Azure AD (B2C, B2C) | AWS Cognito |
|---|---|---|
| Access token lifetime | Default 1h – the value is configurable | 1h – cannot be modified |
| SAML token lifetime | Default 1h – the value is configurable | 1h – cannot be modified |
| Refresh token expiration | Configurable | Configurable |
| Auth session management capability | Yes | No |
| Single sign-on | Yes | Yes |
| Single sign-on lifetime | Yes | Limited |
| Multi-factor auth | Yes | Yes |
| Custom claims on identity token | Yes | Yes |
| Custom claims on the access token | Yes, by using an AD App | No |
| Federation support | Yes | Yes |
| Social identity providers | Yes | Yes |
| Pricing | Main costs come from the no. of users and objects. | Main costs come from the no. of active users (MCU). Additional costs appear for federation when you want to do user data sync. There are no costs per transaction, but take into account that if you integrate Cognito with IAM roles or KMS, additional costs from these services will appear. |
| Self-service | Yes | Yes |