Unlock advanced no/low code authentication features by integrating Authsignal with AWS Cognito. Deploy passkeys, biometrics, WhatsApp OTP, step-up and adaptive authentication, and more—without adding engineering complexity.
Handles the Basics – You get passkeys, email, and SMS OTP authentication right out of the box with Cognito's managed login.
Plays Nice with AWS – If you're already in the AWS ecosystem, Cognito integrates smoothly with Lambda, API Gateway, and other AWS services.
Offers Some Risk Detection – Cognito can spot suspicious logins based on IP, device, and location, then require MFA when needed.
Step-up Authentication Isn't Straightforward – Adding step-up authentication based on user behavior (like detecting bots or suspicious actions) means building custom workflows from scratch. Authsignal makes it easy to trigger additional security challenges—like passkeys, push notifications, or MFA—using simple no-code rules. You can get up and running fast with our straightforward API integration independent of Cognito flows.
Mitigating SMS Pumping Takes Effort – Protecting against SMS pumping attacks in Cognito requires manual configuration and tuning. Authsignal includes built-in safeguards and rate-limiting that work immediately with minimal setup.
UI Limited to Login – Once you need screens for MFA setup, account recovery, or authentication management, you're on your own to build them.
Few MFA Options – No WhatsApp verification, push notifications, or advanced adaptive MFA without additional configuration.
Basic Risk Assessment – Cognito's risk scoring only looks at IP, device, and location. For anything more sophisticated, you'll need custom a partner like Authsignal.
Limited Visibility – Trying to track authentication patterns or spot potential fraud? Cognito's basic logging makes this challenging without additional tools.
Challenging Customization – Adapting the UI and flows to match your brand identity requires significant effort.
Developer Experience – Documentation can be complex and implementation often requires specialized AWS expertise.
To unlock advanced authentication features, Authsignal augments Cognito with enterprise-grade features while preserving your AWS infrastructure.
Trusted by
.svg)
Create a free account for full access and begin integrating immediately.
Start integrating
Follow our step-by-step guides to get up and running without friction.
Explore docs
Access our exclusive private Slack channel for tailored advice and real-time support from our team.
Support
Plans start at just $99 per month, or connect with sales for enterprise solutions tailored to your needs.
Explore pricing
How does Authsignal integrate with AWS Cognito?
Authsignal integrates with AWS Cognito regardless of how you're implementing Cognito in your application: Whether you're using the AWS SDK directly or implementing Cognito through AWS Amplify, Authsignal works alongside Cognito using Lambda triggers as connection points.
Does Authsignal replace or extend Cognito MFA?
Authsignal can replace Cognito's basic MFA options or work alongside them to add extra security when needed. You can use Authsignal to require additional verification based on risk factors or specific user actions, giving you more security options than Cognito offers on its own.
Can I use Authsignal for specific high-risk actions only?
Yes, Authsignal allows you to define granular policies that enforce MFA only for specific sensitive user actions—not just during login. This includes operations like withdrawals, profile updates, payment authorizations, or other high-value transactions. For these post-login use cases, you typically integrate with Authsignal directly rather than via Cognito Lambda triggers.
What additional MFA options does Authsignal provide beyond Cognito's native capabilities?
Authsignal expands your MFA options with:
Can I switch identity providers later and keep using Authsignal?
Yes. Authsignal is built to be portable across identity platforms. This lets you keep your authentication flows and policies intact even if you switch from Cognito to another provider.
How much user data is transferred from AWS Cognito to Authsignal?
Only the Cognito user ID is mandatory. Additional user attributes are required based on the authentication methods you wish to use - for example, email address for email OTP authentication. You have full control over what attributes you decide to send.
Does Authsignal modify my Cognito User Pool configuration?
No, Authsignal integrates without modifying your existing Cognito User Pool structure or data.
What API options does Authsignal provide?
Authsignal offers REST APIs and SDKs for all major platforms, enabling seamless integration into your authentication workflows.
What is the performance impact of adding Authsignal to our authentication flow?
You can choose the region for your Authsignal tenant which best suits your AWS region, ensuring fast communication between Cognito and Authsignal. The performance overhead of calling Authsignal's APIs inside your Cognito lambdas is minimal.
Is the custom UI option as secure as AuthSignal's pre-built UI?
Yes, both options implement identical security protocols. The custom UI gives you design flexibility while maintaining same security standards.
Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.
