Create an external identity provider in AWS
IAM/Access management/identity_providers/
Create a SAML type identity provider.
Set up an external identity provider in AWS
AWS SSO/Settings
Configure SAML SSO in your own identity provider
Create AWS IAM role
Access Management/SAML 2.0 Federation
Set the provider you created above as the SAML provider. Select Allow programmatic and AWS Management Console access.
On the Attach Permission Policies page, select the appropriate policies to attach to the role. These define the permissions that users granted this role will have with AWS. For example, to grant your users read-only access to IAM, filter for and select the IAMReadOnlyAccess policy.
Review the Trusted entities and Policies information, then click Create Role.
Map AWS role to a user
// Keys are the AWS SAML attribute names; values name the user properties that supply them.
context.samlConfiguration.mappings = {
  'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
  'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession'
};
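
A check for the two pieces configured above, added here as an example and not taken from the original page: it parses the value that the awsRole property would carry into the Role attribute (a comma-separated role ARN and SAML provider ARN) and confirms the role's trust policy allows sts:AssumeRoleWithSAML only for that provider, with SAML:aud pinned to the AWS sign-in endpoint. The function names, the account ID and the ExampleSamlRole and ExampleIdP names are assumptions made for illustration.

```javascript
// Added example (not from the original page). All ARNs are constructed placeholders.
const AWS_SAML_AUD = 'https://signin.aws.amazon.com/saml';
const ROLE_ARN = /^arn:aws:iam::\d{12}:role\/[\w+=.@\/-]+$/;
const PROVIDER_ARN = /^arn:aws:iam::\d{12}:saml-provider\/[\w.-]+$/;
const asArray = (v) => (v === undefined || v === null ? [] : Array.isArray(v) ? v : [v]);

// Split a Role attribute value into its two ARNs (either order is accepted here).
function parseRoleAttribute(value) {
  const parts = String(value).split(',').map((p) => p.trim());
  const roleArn = parts.find((p) => ROLE_ARN.test(p));
  const providerArn = parts.find((p) => PROVIDER_ARN.test(p));
  if (parts.length !== 2 || !roleArn || !providerArn) {
    throw new Error('Role attribute must be "<role ARN>,<saml-provider ARN>"');
  }
  return { roleArn, providerArn };
}

// Return findings for a role trust policy; an empty array means nothing was flagged.
function checkTrustPolicy(policy, providerArn) {
  const findings = [];
  const saml = asArray(policy.Statement).filter(
    (s) => s.Effect === 'Allow' && asArray(s.Action).includes('sts:AssumeRoleWithSAML'));
  if (saml.length === 0) findings.push('no Allow statement for sts:AssumeRoleWithSAML');
  for (const s of saml) {
    const federated = asArray(s.Principal && s.Principal.Federated);
    if (federated.length !== 1 || federated[0] !== providerArn) {
      findings.push('Federated principal is not exactly ' + providerArn);
    }
    const aud = asArray(((s.Condition || {}).StringEquals || {})['SAML:aud']);
    if (aud.length !== 1 || aud[0] !== AWS_SAML_AUD) {
      findings.push('SAML:aud is not pinned to ' + AWS_SAML_AUD);
    }
  }
  return findings;
}

// Constructed sample data: the value behind the awsRole property and the role's trust policy.
const sampleRoleAttribute =
  'arn:aws:iam::123456789012:role/ExampleSamlRole,arn:aws:iam::123456789012:saml-provider/ExampleIdP';
const sampleTrustPolicy = {
  Statement: [{
    Effect: 'Allow',
    Principal: { Federated: 'arn:aws:iam::123456789012:saml-provider/ExampleIdP' },
    Action: 'sts:AssumeRoleWithSAML',
    Condition: { StringEquals: { 'SAML:aud': AWS_SAML_AUD } },
  }],
};
console.log(checkTrustPolicy(sampleTrustPolicy, parseRoleAttribute(sampleRoleAttribute).providerArn)); // prints []
```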