An external identity provider account for a user who does not yet exist in the user pool. This user
must be a federated user (for example, a SAML or Facebook user), not another native user.

If the SourceUser is a federated social identity provider user (Facebook, Google, or Login with
Amazon), you must set the ProviderAttributeName to Cognito_Subject. For social identity
providers, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Cognito will
automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, and user_id,
respectively. The ProviderAttributeValue for the user must be the same value as the id, sub,
or user_id value found in the social identity provider token.

For SAML, the ProviderAttributeName can be any value that matches a claim in the SAML assertion. If
you wish to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim
through the SAML identity provider and submit that claim name as the ProviderAttributeName. If you
set ProviderAttributeName to Cognito_Subject, Cognito will automatically parse the
default unique identifier found in the subject from the SAML token.
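
The rules above, written as an added example (not AWS code) that builds a SourceUser value and refuses to build one when the identifier is not present in the token. It assumes the caller has already verified and decoded the token or assertion into a dictionary; the function name, the "NameID" key used for the SAML subject, and the sample values are constructed for illustration.

```python
# Added example. Claims are assumed to be verified and decoded by the caller.
# "NameID" as the key holding the SAML subject is a constructed convention.

# Claim that carries the unique identifier for each social provider.
SOCIAL_ID_CLAIM = {"Facebook": "id", "Google": "sub", "LoginWithAmazon": "user_id"}


def build_source_user(provider_name, claims, saml_claim=None):
    """Return a SourceUser dict for a federated identity.

    provider_name: Facebook, Google, LoginWithAmazon, or a SAML provider name.
    claims:        decoded token claims or SAML assertion attributes.
    saml_claim:    SAML only; claim to link on. None links on the subject.
    """
    # "Cognito" is the provider name of native users, which cannot be a source.
    if provider_name == "Cognito":
        raise ValueError("SourceUser must be a federated user, not a native user")

    if provider_name in SOCIAL_ID_CLAIM:
        if saml_claim is not None:
            raise ValueError("social providers must link on Cognito_Subject")
        attr_name = "Cognito_Subject"
        value = claims.get(SOCIAL_ID_CLAIM[provider_name])
    elif saml_claim is None:
        # Link on the subject of the SAML assertion.
        attr_name = "Cognito_Subject"
        value = claims.get("NameID")
    else:
        # Link on a named claim; it must actually appear in the assertion.
        attr_name = saml_claim
        value = claims.get(saml_claim)

    # Never link on an absent or empty identifier.
    if value is None or str(value).strip() == "":
        raise ValueError(f"{provider_name}: no identifier for {attr_name} in token")

    return {
        "ProviderName": provider_name,
        "ProviderAttributeName": attr_name,
        "ProviderAttributeValue": str(value),
    }


if __name__ == "__main__":
    # Constructed sample claims.
    print(build_source_user("Google", {"sub": "1101694844", "email": "u@example.com"}))
    print(build_source_user("CorpSAML", {"employeeId": "E-42"}, saml_claim="employeeId"))
```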