← Back to Recipes

How to replace Keycloak with Amazon Cognito

Don’t leave apps — or your customers — behind when moving your data center to the cloud. Move any app over to Amazon Cognito without refactoring instead.

Read the docsTry this in Maverics
  • Save months (or years) of refactoring non-standard legacy apps
  • Shift apps to a cloud IDP in minutes with zero downtime and no technical debt
  • Improve security without taking on massive increases in per-user costs
Ingredients
Migration Amazon Cognito Keycloak

Stop refactoring Keycloak apps. Try this instead.

Setup details

Just add your ingredients and deploy.

What the user sees

Your customers don’t care what identity provider you use to authenticate them — they care that it works. Use Identity Orchestration to make sure everything works perfectly every time.

  • Familiar login. Customers head to the same screen and start the app authentication flow.
  • Invisible redirection. Behind the scenes, Maverics evaluates the app policy in config and directs your customers to Amazon Cognito.
  • Quick, smooth passkey authentication. The customer enters their details, gets authenticated and logs in. Everything in the app looks the same as before.

What the admin does

Switching to a modern IDP stopped being optional when modern standards emerged and data centers moved to the cloud. Use Identity Orchestration to make your IDP shift as quick and painless as possible.

  • Prepare your work surface. Define the upstream application and the port Maverics will use to communicate with the app.
  • Set the rules. Define the basic policy that enforces authentication to Amazon Cognito and define how Maverics will provide context to the upstream application.
  • Configure. Set Maverics up as an authentication gateway and give it the right permissions to direct users correctly.

See it in action

Migrate App Identity from Keycloak to Amazon Cognito

Interested to see more? We have a full workshop for you!

Watch now

Solve more modernization challenges with ready-to-deploy recipes

Identity Continuity
Active Directory (AD)
Okta
Failover from Okta to on-prem Active Directory (AD)

Keep your critical apps accessible. Use Identity Continuity to allow key users to securely authenticate locally with Keycloak if Microsoft Entra ID ever becomes unavailable.

Identity Continuity
Okta
Entra ID (Azure AD)
Failover from Okta to Microsoft Entra ID

Don’t let Okta take you offline. Use Identity Continuity to allow users to securely authenticate to critical apps with Microsoft Entra ID anytime Okta is unavailable.

Identity Continuity
Keycloak
Entra ID (Azure AD)
Failover from Microsoft Entra ID to on-prem Keycloak

Keep your critical apps accessible. Use Identity Continuity to allow key users to securely authenticate locally with Keycloak if Microsoft Entra ID ever becomes unavailable.

View all recipes

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.

Read the docsTry this in Maverics