good, but Cognito isn’t designed to work as a SAML Identity Provider (IdP) for any random service provider. It mainly supports OpenID Connect (OIDC) and OAuth2 standards. While Cognito can connect to a SAML IdP, it can’t directly serve as one itself.

If you need Cognito users to sign in through a SAML-based service, you’ll have to place an identity broker or gateway in between. That gateway can handle the translation between Cognito’s OIDC flow and the SAML flow expected by the service provider. I’ve implemented this setup before using a SAML↔OIDC bridge, and it works well once you configure the metadata correctly. you can take a look at here