# Cognito Overview

* Cognito **lets you add user sign-up, sign-in, and access control** to your web and mobile apps quickly and easily.<br>
* Cognito **scales to millions of users and supports sign-in with social identity providers**, such as **Facebook, Google, and Amazon**, and enterprise identity providers via SAML 2.0.

## User Pools

* A user pool is a **user directory in Cognito**.<br>

* With a user pool, your **users can sign in to your web or mobile app through Cognito, or federate through a third-party identity provider (IdP)**.<br>

* **User pools provide:**

  * **Sign-up and sign-in services**.<br>
  * A **built-in, customizable web UI to sign in users**.<br>
  * **Social sign-in** with Facebook, Google, Login with Amazon, and Sign in with Apple, and through **SAML and OIDC identity providers from your user pool**.<br>
  * **User directory management** and user profiles.<br>
  * Security features such as **multi-factor authentication (MFA)**, **checks for compromised credentials**, **account takeover protection**, and **phone and email verification**.

* After successfully authenticating a user, b.

![](https://4079160698-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MOmHH1M7R1RV5MGm4F7%2F-MP5-u_GconM1gsElEoJ%2F-MP54IeUcOv72YQTY1NG%2Fimage.png?alt=media\&token=33588230-ab6c-4d5a-8e76-3d078c9a80f4)

## Identity Pools

* With an identity pool, your users can **obtain temporary AWS credentials to access AWS services**, such as Amazon S3 and DynamoDB.<br>

* Identity pools **support anonymous guest users**, as well as the following identity providers that you can use to **authenticate users for identity pools:**

  * **Cognito user pools**.<br>
  * **Social sign-in** with Facebook, Google, Login with Amazon, and Sign in with Apple.<br>
  * **OpenID Connect (OIDC)** providers.<br>
  * **SAML** identity providers.<br>
  * **Developer authenticated identities**.

* **To save user profile information, your identity pool needs to be integrated with a user pool**.

* **Cognito identity pools (federated identities) enable you to create unique identities for your users and federate them with identity providers**.

## Cognito Sync

* Cognito Sync is an AWS service and client library that **enables cross-device syncing of application-related user data.**<br>
* You can use it to **synchronize user profile data across mobile devices and the web without requiring your own backend**.<br>
* The **client libraries cache data locally so your app can read and write data regardless of device connectivity status**.<br>
* **Requires Federated Identity Pools**; not User Pools.