I have an integration question regarding using AWS Cognito as an external IdP in Okta. One of our apps currently uses AWS Cognito to authenticate users; we want to implement an SSO solution using Okta but minimize the user impact (we really don't want to ask millions of users to reset their passwords through Okta). As a result, we decided to continue using AWS Cognito as the IdP and just let Okta delegate user authentication requests to Cognito. I googled around to see if anyone has done a similar type of integration, but it seems like most of the integrations use AWS Cognito as the auth provider and Okta as the external IdP, exactly the opposite of what we plan to do. I just want to ask here to see if anyone has any suggestions/experience about our integration flow: use Okta as the auth provider and delegate user authentication requests to AWS Cognito as the external IdP.
How about this solution from Amazon?