Configure Amazon Web Services as SAML Service Provider

Configure the SAML2 Web App addon for Amazon Web Services (AWS) for an application.

  1. Go to Dashboard > Applications > Applications and either create a new application or click the name of an application to update.

  2. Go to the Addons tab and enable the SAML2 Web App toggle.

  3. On the Settings tab, set the Application Callback URL to: https://signin.aws.amazon.com/saml.

    Dashboard Applications Applications Addons Tab SAML2 Web App Settings Tab
  4. Paste the following code into the Settings text box and click Debug. Be sure to replace the AWS_SSO_ISSUER_URL and AWS_SSO_ACS_URL placeholders with values you copied from AWS.

    {
      "audience": "AWS_SSO_ISSUER_URL",
      "destination": "AWS_SSO_ACS_URL",
      "mappings": {
        "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
      },
      "createUpnClaim": false,
      "passthroughClaimsWithNoMapping": false,
      "mapUnknownClaimsAsIs": false,
      "mapIdentities": false,
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
      "nameIdentifierProbes": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      ]
    }
    
    

  5. Scroll to the bottom of the page and click Enable.

  6. On the Usage tab, locate Identity Provider Metadata, and click Download to download the metadata file. You'll need this when you configure Auth0 as the identity provider.

    Dashboard Applications Applications Addons Tab SAML2 Web App Usage Tab

To learn how to configure AWS for SSO, read Configure Amazon Web Services for Single Sign-On.

Learn more