Descope Auth for AWS is a customer authentication and user management platform tailored for AWS developers building SaaS applications. It integrates with AWS services and supports the AWS SaaS Builder Toolkit (SBT) via a dedicated plugin. Core capabilities include: - Passwordless authentication methods (passkeys, magic links, OTP, social login) - Machine-to-machine (M2M) authentication for securing APIs and automated services - Multi-factor authentication (MFA), including phishing-resistant MFA and risk-based enforcement - Single sign-on (SSO) via SAML and OIDC, with self-service configuration - Authorization models including RBAC, ReBAC, and ABAC - User management features: progressive profiling, identity provisioning, and backup auth methods - Identity verification flows (image recognition, KYC) - Geo-based authentication and localization (with AI translation via Amazon Translate) - Audit streaming to external observability tools Integration with Amazon Cognito is explicitly supported, including adding Descope as an OIDC provider and augmenting Cognito with passkeys and phishing-resistant MFA. Developer access options include no-code visual workflow builder (Descope Flows), frontend/backend SDKs, and a REST API. Supported frameworks include React, Next.js, and Vue.js. AWS service integrations include Amazon Cognito, Amazon SES, Amazon SNS, Amazon Rekognition, and Amazon Translate. The platform powers over 1,000 organizations in production.