Authenticate using your on-premises SAML 2.0-compliant identity provider (IdP), retrieve temporary credentials with STS, and provide federated access to the AWS console through the AWS single sign-on (SSO) endpoint using a browser.
How to implement the above?
- Create a SAML provider entity in IAM.
  - Go to the IAM console.
  - In the navigation pane, choose Identity providers.
  - Choose Create provider.
  - For Provider type, choose SAML.
  - For Provider name, enter a name for your SAML provider entity.
  - For Metadata document, upload the SAML metadata document that you obtained from your IdP.
  - Choose Create provider.
- Create an IAM role that specifies the SAML provider entity in its trust policy.
  - Go to the IAM console.
  - In the navigation pane, choose Roles.
  - Choose Create role.
  - For Choose a role type, choose Web identity.
  - For Choose an identity provider, choose the SAML provider entity that you created in the previous step.
  - For Audience, enter the AWS account ID of your AWS account.
  - Choose Next: Permissions.
  - Attach the necessary permissions to the role.
  - Choose Next: Review.
  - Review the role details and choose Create role.
- Retrieve temporary credentials with STS and provide federated access to the AWS console through the AWS single sign-on (SSO) endpoint using a browser.
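The trust policy that the second step refers to, as an added Python example that is not part of these notes: it builds the policy for a role that can only be assumed through the named SAML provider entity via `sts:AssumeRoleWithSAML`, and a small check that flags trust policies missing that scoping (wildcard principal or action, or no `SAML:aud` condition). The account ID and provider name are constructed placeholders.

```python
import json

# Audience value AWS uses for the console sign-in (SSO) endpoint in SAML assertions.
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_role_trust_policy(account_id: str, provider_name: str) -> dict:
    """Trust policy for an IAM role assumable only by the given SAML provider entity."""
    provider_arn = f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            # Without this condition the role trusts any SAML assertion the IdP issues,
            # regardless of which AWS endpoint it was minted for.
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Return a list of weaknesses in a SAML role trust policy (empty list means none found)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("wildcard principal")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a in ("*", "sts:*") for a in actions):
            findings.append("wildcard action")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if "sts:AssumeRoleWithSAML" in actions and aud != SAML_AUDIENCE:
            findings.append("missing or wrong SAML:aud condition")
    return findings


if __name__ == "__main__":
    # Constructed placeholder values, not a real account or provider.
    policy = saml_role_trust_policy("123456789012", "ExampleOnPremIdP")
    print(json.dumps(policy, indent=2))
    print("findings:", trust_policy_findings(policy))
```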