diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
new file mode 100644
index 00000000..e69de29b
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09705d12..6ada37a4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,2 +1,5 @@
 class ApplicationController < ActionController::Base
+  def new_session_path(scope)
+    new_user_session_path
+  end
 end
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 018429e0..2855574e 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -1,5 +1,6 @@
 class HomeController < ApplicationController
+  before_action :authenticate_user!
+
   def show
-    render body: "Hello from Staff Device"
   end
-end
\ No newline at end of file
+end
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
new file mode 100644
index 00000000..4c05faec
--- /dev/null
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -0,0 +1,14 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def cognito_idp
+    @user = User.from_omniauth(request.env["omniauth.auth"])
+
+    if @user.persisted?
+      sign_in_and_redirect @user, event: :authentication #this will throw if @user is not activated
+      set_flash_message(:notice, :success, kind: "Cognito IDP") if is_navigational_format?
+    end
+  end
+
+  def failure
+    redirect_to root_path
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 8ef36b4d..6196562d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2,4 +2,8 @@ class User < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :omniauthable, omniauth_providers: %i[cognito-idp]
-end
\ No newline at end of file
+
+  def from_omniauth(auth)
+    where(provider: auth.provider, uid: auth.uid).first_or_create
+  end
+end
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
new file mode 100644
index 00000000..78d4c3a8
--- /dev/null
+++ b/app/views/devise/sessions/new.html.erb
@@ -0,0 +1,3 @@
+<h2>Log in</h2>
+
+<%= link_to "Sign in with Cognito", user_cognito_idp_omniauth_authorize_path %>
diff --git a/app/views/home/show.html.erb b/app/views/home/show.html.erb
new file mode 100644
index 00000000..d3649c1f
--- /dev/null
+++ b/app/views/home/show.html.erb
@@ -0,0 +1,3 @@
+<p>Hello from Staff Device</p>
+
+<%= link_to "Logout", destroy_user_session_path, method: :delete %>
diff --git a/config/routes.rb b/config/routes.rb
index ff933562..f7b612c8 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,10 @@
 Rails.application.routes.draw do
-  devise_for :users
+  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
+  devise_scope :user do
+    get 'sign_in', :to => 'devise/sessions#new', :as => :new_user_session
+    delete 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
+  end
+
   get "/healthcheck", to: "monitoring#healthcheck"
   root "home#show"
 end