Steps to configure SAML SSO for Amazon Web Services

About Amazon Web Services

Amazon Web Services (AWS) stands as a leading cloud computing platform, offering a comprehensive suite of services that cater to diverse business needs. Renowned for its scalability, security, and reliability, AWS empowers organizations to innovate and scale rapidly without the constraints of traditional IT infrastructure.

The following steps will help you enable single sign-on (SSO) for AWS from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
  2. Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
  3. Navigate to Applications > Application Integration > Create New Application and select Amazon Web Services from the applications displayed.
    Note: You can also find Amazon Web Services using the search bar located at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities section, select SSO and click Continue.
    Figure: General Settings of SSO configuration for AWS
  6. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details. Obtain the metadata by clicking Download in the Metadata field. This will be used later during the configuration of AWS.
    Figure: Integration Settings of SSO configuration for AWS

AWS (service provider) configuration steps

  1. Sign in to your AWS IAM Identity Center company site as an administrator.
    Note: This integration works only with AWS IAM Identity Center. It does not support AWS IAM.
  2. On the left navigation pane, select Settings.
  3. On the Settings page, navigate to Identity source > Actions and select Change identity source.
    Figure: An AWS IAM Identity Center portal view
  4. On the Change identity source page, select External identity provider. Click Next.
    Figure: Choosing an external IdP in AWS IAM Identity Center
  5. Under Identity provider metadata in the Configure external identity provider section, click Choose file under IdP SAML metadata to upload the metadata file that you downloaded in step 6 of the prerequisites.
  6. Click Next.
    Figure: A metadata upload in AWS IAM Identity Center
  7. In the text box, type ACCEPT to change the identity source.
  8. Click Change identity source.
    Figure: Changing the identity source in AWS IAM Identity Center

Identity360 (IdP) configuration steps

  1. Switch to the Single Sign On tab on Identity360's application configuration page.
  2. Enter the Relay State parameter, if necessary.
    Note: The Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
  3. Click Save.
    Figure: Integration Settings of SSO configuration for AWS
  4. To learn how to assign users or groups to one or more applications, refer to this page.

Your users will now be able to sign in to AWS through the Identity360 portal.

Note: For AWS, both service-provider-initiated and IdP-initiated flows are supported.

Steps to enable MFA for AWS

Setting up MFA for AWS using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to AWS. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate AWS with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for AWS by following the steps mentioned here.

How does MFA for applications work in Identity360?

  SSO Integration flow diagram  
