Update doc

site/content/en/docs/enterprise/social-accounts-configuration.md

@@ -108,27 +108,51 @@ There are 2 basic steps to enable GitHub account authentication.
 
 ## Enable authentication with an Amazon Cognito
 
-To enable authentication, do the following:
-
-1. Create a user pool. For more information,
-   see [Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html)
-2. Fill in the name field, set the homepage URL (for example: `https://localhost:8080`),
-   and authentication callback URL (for example: `https://localhost:8080/api/auth/social/amazon-cognito/login/callback/`).
-3. Create conпiguration file in CVAT:
-
-   1. Create the `auth_config.yml` file with the following content:
-
-   ```yaml
-   ---
-   social_account:
-     enabled: true
-     amazon_cognito:
-       client_id: <some_client_id>
-       client_secret: <some_client_secret>
-       domain: https://<domain-prefix>.auth.us-east-1.amazoncognito.com
-   ```
-
-   2. Set `AUTH_CONFIG_PATH="<path_to_auth_config>` environment variable.
+To enable authentication with Amazon Cognito for your CVAT instance, you need to complete two main steps:
+
+1. Create and configure an [Amazon Cognito user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html).
+Follow these detailed steps to set up the user pool:
+
+   1. Create a user pool. For example, you might use settings like those shown in the image below:
+      ![](/images/cognito_pool_1.jpg)
+   2. Configure a new app on the step `Integrate your app`:
+      - Select the `Confidential client` type, as CVAT securely stores client secrets on the server side.
+      (*Note: the `Public client` type is also supported*)
+      - Enter a name for your app client
+      - Choose the `Generate a client secret` option
+      ![](/images/cognito_pool_2.jpg)
+   3. Once your pool is configured, go to the `App integration` tab on the pool details page and then to the `Domain` section.
+      Create either a custom domain or Cognito domain (e.g. `https://cvat.auth.us-east-1.amazoncognito.com`).
+      Copy this domain as you'll need it later when configuring the `auth_config.yml` file for CVAT.
+   4. Go below to the `App client list` section, find the app you created and open its settings.
+      Edit the `Hosted UI` settings:
+         - `Allowed callback URLs`: add a callback URL (`<http|https>://<cvat_domain>/api/auth/social/amazon-cognito/login/callback/`)
+         - `Identity providers`: select `Cognito user pool`
+         - `OAuth 2.0 grant types`: select `Authorization code grant`
+         - `OpenID Connect scopes`: select the following scopes: `OpenID`, `Profile`, `Email`
+         ![](/images/cognito_pool_3.jpg)
+
+2. Once the Cognito setup is complete, configure social authentication in CVAT:
+   1. Create the `auth_config.yml` file in CVAT with the following content:
+      ```yaml
+      ---
+      social_account:
+      enabled: true
+      amazon_cognito:
+         client_id: <client_id>
+         client_secret: <client_secret>
+         domain: <custom-domain> or https://<custom-cognito-prefix>.auth.us-east-1.amazoncognito.com
+      ```
+      The `client_id` and `client_secret` could be found on the page with app details while
+      the `domain` value could be found on the page with pool details.
+
+   2. Set required environment variables:
+       ```bash
+         export AUTH_CONFIG_PATH="<path_to_auth_config>`
+         export CVAT_HOST="<cvat_host>"
+         # schema: http|https, CVAT_PORT is optional
+         export CVAT_BASE_URL="<SCHEMA>://${CVAT_HOST}:<CVAT_PORT>"
+       ```
 
 3. In a terminal, run the following command: