# Amazon WorkSpaces Applications User Pools
<a name="user-pool"></a>

The WorkSpaces Applications user pool provides a simplified way to manage access to applications for your users through a persistent portal for each AWS Region. This feature is a built-in alternative to user management through [Active Directory](active-directory.md) and [SAML 2.0 federation](external-identity-providers.md). Stacks can't be assigned to users in the user pool if the stacks are associated with a fleet that is joined to an Active Directory domain.

The WorkSpaces Applications user pool provides the following key features:
+ Users can access application stacks through a persistent URL and login credentials by using their email address and a password that they choose. 
+ Users' email addresses are case-sensitive. During login, if they specify an email address that doesn't use the same capitalization as the email address specified when their user pool account was created, a "user does not exist" error message displays.
+ You can assign multiple stacks to users. Doing so enables WorkSpaces Applications to display multiple application catalogs to users when they log in.
+ When you create new users, a welcome email is automatically sent to them. The email includes instructions, a login portal link, and a temporary password for connecting to the login portal.
+ After you create users, they are enabled unless you specifically disable them.
+ You can control which users have access to which application stacks, or disable access completely.

**Topics**
+ [User Pool End User Experience for Amazon WorkSpaces Applications](user-pool-end-user.md)
+ [Resetting a Forgotten Password in Amazon WorkSpaces Applications](user-pool-end-user-reset-password.md)
+ [User Pool Administration in Amazon WorkSpaces Applications](user-pool-admin.md)

# User Pool End User Experience for Amazon WorkSpaces Applications
<a name="user-pool-end-user"></a>

The following steps summarize the initial connection experience for users in the user pool. 

1. You create new users in the Region you want by specifying their email addresses.

1. WorkSpaces Applications sends them a welcome email.

1. You assign one or more stacks to the users. 

1. WorkSpaces Applications sends them an optional notification email. This email includes information about how to access the stacks that are newly assigned to them.

1. The users connect to the login portal by entering the information included in the welcome email, and they set a permanent password. The login portal link never expires and can be used any time.

1. They sign in to WorkSpaces Applications by entering their email address and permanent password. 

1. After they sign in, the users can view their application catalogs.

The login portal link provided in the welcome email should be saved for future use, as it does not change and is valid for all users in the user pool. The login portal URL and users in the user pool are managed on a per-Region basis.

# Resetting a Forgotten Password in Amazon WorkSpaces Applications
<a name="user-pool-end-user-reset-password"></a>

If users forget their password, follow these steps to connect to the login portal link (provided in the welcome email) and choose a new password.

**To choose a new password**

1. Open the WorkSpaces Applications login portal by using the login link provided in the welcome email.

1. Choose **Forgot Password?**.

1. Type the email address that you used to create the user in the user pool, and choose **Next**.

   Your email address is case-sensitive. During login, if your email address doesn't use the same capitalization as the email address specified when your user pool account was created, a "user does not exist" error message displays.

1. Check your email for the password reset request message. If you are having difficulty finding the email, check your spam email folder. Type the verification code from the email in **Verification Code**.
**Note**  
The verification code is valid for 24 hours. If a new password is not chosen within this time, request a new verification code.

1. Following the password rules shown, type and confirm your new password. Choose **Reset Password**.

# User Pool Administration in Amazon WorkSpaces Applications
<a name="user-pool-admin"></a>

To create and manage users in the user pool, sign in to the WorkSpaces Applications console for the AWS Region you want and choose **User Pool** in the left navigation pane. The User Pool dashboard supports bulk operations on a list of users for some actions. You can select multiple users on which to perform the same action from the **Actions** list. Users in the user pool are created and managed on a per-Region basis.

WorkSpaces Applications does not support bulk user creation or disable. However, you can use Amazon Cognito with the [CreateStreamingURL](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_CreateStreamingURL.html) API action to manage access efficiently for multiple users. Amazon Cognito user pools let you quickly create your own directory to sign up and sign in users. In addition, you can use Amazon Cognito user pools to store user profiles. For information about how to integrate WorkSpaces Applications with your Cognito User Pool, see the [Create a SaaS Portal with Amazon WorkSpaces Applications](https://aws.amazon.com/appstream2/getting-started/isv-workshops/saas/) tutorial.

**Note**  
WorkSpaces Applications sends email to users on your behalf when you create a new user created or assign a user to a stack. To ensure the email is delivered, add `no-reply@accounts.aws-region-code.amazonappstream.com` to your allow list, where `aws-region-code` is a valid AWS Region code in which you are working. If users are having difficulty finding the emails, ask them to check their "spam" email folder.

**Topics**
+ [Creating a User in Amazon WorkSpaces Applications](user-pool-admin-create.md)
+ [Deleting a User in Amazon WorkSpaces Applications](user-pool-admin-deleting-user.md)
+ [Assigning Stacks to Users in Amazon WorkSpaces Applications](user-pool-admin-assigning.md)
+ [Unassigning Stacks from Users in Amazon WorkSpaces Applications](user-pool-admin-unassigning.md)
+ [Disabling Users in Amazon WorkSpaces Applications](user-pool-admin-disabling.md)
+ [Enabling Users in Amazon WorkSpaces Applications](user-pool-admin-enabling.md)
+ [Re-Sending Welcome Email in Amazon WorkSpaces Applications](user-pool-admin-email.md)

# Creating a User in Amazon WorkSpaces Applications
<a name="user-pool-admin-create"></a>

You must enter a valid and unique email address for each new user within a Region. However, you can reuse an email address for a new user in another Region.

When you create a new user, be aware of the following:
+ You cannot change the email address, first name, or last name for a user that you have already created. To change this information for a user, disable the user. Then, recreate the user (as a new user) and specify the updated information as needed. 
+ Users' email addresses are case-sensitive. During login, if they specify an email address that doesn't use the same capitalization as the email address specified when their user pool account was created, a "user does not exist" error message displays.
+ You can assign one or more stacks to the user after the user is created.

**To create a new user**

1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).

1. In the left navigation pane, choose **User Pool**, **Create User**.

1. For **Email**, type the unique email address for the user.

1. Type the user's first name and last name in the corresponding fields. These fields need not be unique.

1. Choose **Create User**.

After users are created, WorkSpaces Applications sends them a welcome email. This email includes the login portal link, the login email address to be used, and a temporary password. By browsing to the login portal and typing their temporary password, users can set a permanent password to access their applications. 

By default, the new user's status is **Enabled**, meaning you can assign one or more stacks to the user or perform other administrative actions.

# Deleting a User in Amazon WorkSpaces Applications
<a name="user-pool-admin-deleting-user"></a>

You can enable or disable a user, but you cannot delete a user by using the WorkSpaces Applications console. To delete a user, you must use the [DeleteUser](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_DeleteUser.html) API action.

# Assigning Stacks to Users in Amazon WorkSpaces Applications
<a name="user-pool-admin-assigning"></a>

You can assign one or more stacks to one or more users in the user pool. After they are assigned to at least one stack, users can log in to WorkSpaces Applications and launch applications. If users are assigned to more than one stack, they are presented with a list of stacks as catalogs to choose from before launching applications. 

**Note**  
Stacks can't be assigned to users if the stacks are associated with a fleet that is joined to an Active Directory domain. 

**To assign a stack to users**

1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).

1. In the left navigation pane, choose **User Pool** and select the users you want.

1. Choose **Actions**, **Assign stack**. For more information, see [Using Active Directory with WorkSpaces Applications](active-directory.md).

1. Review the list to confirm that the correct users are specified. For **Stack**, choose the stack you want to assign.

1. By default, **Send email notification to user** is enabled. Clear this option if you do not want to send the notification email to users now.

1. Choose **Assign stack**.

# Unassigning Stacks from Users in Amazon WorkSpaces Applications
<a name="user-pool-admin-unassigning"></a>

You can unassign a stack from one or more users in the user pool. After a stack is unassigned from users, they can't launch applications from the stack. If users are connected when you unassign the stack, their sessions remain active until the session cookie expires (about one hour).

**To unassign a stack from users**

1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).

1. In the left navigation pane, choose **User Pool** and select the users you want.

1. Choose **Actions**, **Unassign stack**.

1. Review the list to confirm that the correct users are specified. For **Stack**, choose the stack you want to unassign. The list includes all stacks, assigned or unassigned.

1. Choose **Unassign stack**.

# Disabling Users in Amazon WorkSpaces Applications
<a name="user-pool-admin-disabling"></a>

You can disable one or more users in the user pool, one at a time. After they are disabled, users can no longer log in to WorkSpaces Applications until they are re-enabled. This action does not delete users. If users are connected when you disable them, their sessions remain active until the session cookie expires (about one hour). Stack assignments for the users are retained. If the users are re-enabled, their stack assignments become active again.

**To disable a user**

1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).

1. In the left navigation pane, choose **User Pool** and select the user you want.

1. Choose **Actions**, **Disable user**.

1. Confirm that the correct user is specified, and choose **Disable User**.

# Enabling Users in Amazon WorkSpaces Applications
<a name="user-pool-admin-enabling"></a>

You can enable one or more users in the user pool, one at a time. After they are enabled, users can log in to WorkSpaces Applications and launch applications from the stacks to which they are assigned. If the users were disabled, these assignments are retained.

**To enable users**

1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).

1. In the left navigation pane, choose **User Pool** and select the user you want.

1. Choose **Actions**, **Enable user**.

1. Confirm that the correct user is specified, and choose **Enable User**.

# Re-Sending Welcome Email in Amazon WorkSpaces Applications
<a name="user-pool-admin-email"></a>

You can re-send the welcome email with connection instructions to users in the user pool. Unused passwords expire after seven days. To provide a new temporary password, you must re-send the welcome email. This option is only available until users set their permanent password. If they've already set their password and forgotten it, they can set a new one. For more information, see [Resetting a Forgotten Password in Amazon WorkSpaces Applications](user-pool-end-user-reset-password.md).

**To resend the welcome email for a user**

1. Open the WorkSpaces Applications console at [https://console.aws.amazon.com/appstream2](https://console.aws.amazon.com/appstream2).

1. In the left navigation pane, choose **User Pool** and select the user you want.

1. For **User Details**, choose **Resend welcome email**.

1. Confirm that the success message displays at the top of the User Pool dashboard.