Hi all! I’m trying to connect a user pool in my AWS Cognito instance to Auth0 following the instructions in the How do I set up Auth0 as a SAML identity provider with an Amazon Cognito user pool? article.
When I click Debug from the Addon: SAML2 Web App section with the following settings…
    Application Callback URL: https://{amazonCognitoDomain}.auth.{awsRegion}.amazoncognito.com/saml2/idpresponse
    Settings:
    {
      "audience": "urn:amazon:cognito:sp:{poolName}",
      "mappings": {
        "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      },
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    }
… I’m taken to the following URL
https://{subDomain}.auth0.com/login?state={someState}&client={auth0ClientId}&protocol=samlp&response_type=code&redirect_uri=https%3A%2F%2Fmanage.auth0.com%2Ftester%2Fsamlp
Which gives me this:
Opening the console I can see the error reported is…
At least one email, sms or social connection needs to be available.
I’ve also tried saving the settings and continuing on with the instructions in the article but got this same error when testing from Cognito.
I have one database connection enabled under the application’s Connections tab (which should store the email), and both the social and SMS options are disabled.
Any help is very much appreciated!!
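As an added, stand-alone check (not part of the post above or of Auth0's or AWS's own tooling), the script below lints the SAML2 Web App addon settings against what the Cognito side expects before the Debug button is pressed: the callback URL must be the pool domain's /saml2/idpresponse endpoint, the audience must carry the user pool ID (region_id form, not the pool name), email must map to the WS-Fed emailaddress claim, and the NameID format must be one SAML 2.0 defines. The URL and pool-ID regexes and the filled-in sample values are this example's own assumptions.

```python
import re

# Shape of a Cognito hosted-UI domain and of a user pool ID (assumed patterns).
CALLBACK_RE = re.compile(
    r"^https://[a-z0-9-]+\.auth\.[a-z]{2}(?:-[a-z]+)+-\d\.amazoncognito\.com/saml2/idpresponse$"
)
# A user pool ID looks like "<region>_<alphanumeric>", e.g. us-east-1_Ab12Cd34e (assumed).
AUDIENCE_RE = re.compile(r"^urn:amazon:cognito:sp:[a-z]{2}(?:-[a-z]+)+-\d_[A-Za-z0-9]+$")
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NAMEID_FORMATS = {
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}


def validate_saml2_addon(callback_url: str, settings: dict) -> list[str]:
    """Return findings about the addon config; an empty list means it looks consistent."""
    findings = []
    audience = str(settings.get("audience", ""))
    if "{" in callback_url or "{" in audience:
        findings.append("template braces left in a value; substitute the real domain/region/pool ID")
    if not CALLBACK_RE.match(callback_url):
        findings.append("callback URL is not https://<domain>.auth.<region>.amazoncognito.com/saml2/idpresponse")
    if not AUDIENCE_RE.match(audience):
        findings.append("audience must be urn:amazon:cognito:sp:<user pool ID> (e.g. us-east-1_Ab12Cd34e)")
    if settings.get("mappings", {}).get("email") != EMAIL_CLAIM:
        findings.append("email must be mapped to " + EMAIL_CLAIM)
    if settings.get("nameIdentifierFormat") not in NAMEID_FORMATS:
        findings.append("nameIdentifierFormat is not a SAML NameID format Cognito will accept")
    return findings


# Values exactly as they appear in the post (still templated).
POSTED_CALLBACK = "https://{amazonCognitoDomain}.auth.{awsRegion}.amazoncognito.com/saml2/idpresponse"
POSTED_SETTINGS = {
    "audience": "urn:amazon:cognito:sp:{poolName}",
    "mappings": {"email": EMAIL_CLAIM},
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
}
# Constructed sample of a filled-in configuration (domain, region and pool ID are made up).
FILLED_CALLBACK = "https://my-pool-domain.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
FILLED_SETTINGS = dict(POSTED_SETTINGS, audience="urn:amazon:cognito:sp:us-east-1_Ab12Cd34e")

if __name__ == "__main__":
    for label, url, cfg in (("posted", POSTED_CALLBACK, POSTED_SETTINGS),
                            ("filled", FILLED_CALLBACK, FILLED_SETTINGS)):
        print(label, "->", validate_saml2_addon(url, cfg) or ["ok"])
```

The templated values from the post yield three findings (braces, callback URL, audience), while the constructed filled-in values pass, which separates a config-shape problem from the connection-availability error the Debug page reports.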