Configure Amazon Web Services as SAML Service Provider

Configure the SAML2 Web App addon for Amazon Web Services (AWS) for an application.

1. Go to Dashboard > Applications > Applications and either create a new application or click the name of an application to update.

2. Go to the Addons tab and enable the SAML2 Web App toggle.

3. On the Settings tab, set the Application Callback URL to: https://signin.aws.amazon.com/saml.

   

4. Paste the following code into the Settings text box and click Debug. Be sure to replace the AWS_SSO_ISSUER_URL and AWS_SSO_ACS_URL placeholders with values you copied from AWS.

   {
     "audience": "AWS_SSO_ISSUER_URL",
     "destination": "AWS_SSO_ACS_URL",
     "mappings": {
       "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
       "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
     },
     "createUpnClaim": false,
     "passthroughClaimsWithNoMapping": false,
     "mapUnknownClaimsAsIs": false,
     "mapIdentities": false,
     "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
     "nameIdentifierProbes": [
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
     ]
   }

   Was this helpful?

   Yes /No

5. Scroll to the bottom of the page and click Enable.

6. On the Usage tab, locate Identity Provider Metadata, and click Download to download the metadata file. You'll need this when you configure Auth0 as the identity provider.

   

To learn how to configure AWS for SSO, read Configure Amazon Web Services for Single Sign-On.

• Use Amazon Web Services Session Tags for Role-Based Access Control
• Configure Amazon Web Services for Single Sign-On