Building customer login: Cognito, Entra External ID or Identity Platform?
For real SaaS with social login and MFA: a third party like Auth0, Clerk or WorkOS is often cheaper and faster. The cloud-native options work, but UX and docs lag. Vendor choice depends on your existing stack.
Try this first
1. Small product with email/password and social login: Clerk or Auth0 free tier. A day to set up, scales with you.
2. Existing AWS stack and you'll accept a less modern login UI: Cognito User Pools. Pairs well with API Gateway and Lambda.
3. Existing Azure stack and B2C audience: Microsoft Entra External ID (formerly Azure AD B2C). Good MFA, conditional access, decent developer experience.
4. GCP stack: Identity Platform (built on Firebase Auth). Strong for mobile-first apps, less for enterprise claims.
5. For SMB with enterprise customers wanting SAML or SCIM: WorkOS. Less lock-in, better DX than Cognito or Identity Platform.
When to bring us in
If you are in a regulated sector (health, finance) or need SSO with customers on different IdPs, a session with someone who has deployed multiple stacks pays off.
See also
- Everyone logs in with the AWS root account: Root is for emergencies and billing. Day-to-day work belongs in IAM users or SSO.
- Every developer has AdministratorAccess: AdministratorAccess everywhere is convenient now, painful later. Start with role-based policies.
- Everyone has individual IAM users with their own password: Identity Center (formerly AWS SSO) links to your IdP and issues temporary credentials per session.