To get started with identity federation to the console, you’ll need two components: a session-granting proxy and a sign-in web page of your own.
The session-granting proxy connects your existing identity management system with AWS. It calls your identity management system to validate that a user should have access to AWS, and it specifies the permissions you want enforced for the user when they interact with AWS. The session-granting proxy then calls the AWS Security Token Service (STS) to request temporary security credentials for the user.
Your web page (for example, a corporate intranet portal) redirects the user to the AWS Management Console federation endpoint using a sign-in token generated from the temporary security credentials. The token grants the user access to the AWS Management Console without requiring the user to provide a username and password.
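The flow described above, as an added example (not AWS's or this page's own code): the proxy requests scoped credentials from STS, exchanges them for a sign-in token at the federation endpoint, and builds the redirect URL for the sign-in page. It assumes a boto3-style STS client is passed in; the session policy, issuer URL and function names are illustrative.

```python
import json
import urllib.parse
import urllib.request

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
CONSOLE_URL = "https://console.aws.amazon.com/"

# Assumption: an illustrative read-only session policy; the proxy picks one per user.
READ_ONLY_S3 = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}],
}

def get_temporary_credentials(sts_client, user_name, policy, duration=3600):
    """Proxy step: ask STS for temporary credentials limited by the session policy."""
    resp = sts_client.get_federation_token(
        Name=user_name, Policy=json.dumps(policy), DurationSeconds=duration)
    return resp["Credentials"]

def signin_token_request_url(creds):
    """URL that exchanges the credentials for a sign-in token.
    It carries the secret key, so call it server-side only and never log it."""
    session = json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })
    query = urllib.parse.urlencode({"Action": "getSigninToken", "Session": session})
    return f"{FEDERATION_ENDPOINT}?{query}"

def console_login_url(signin_token, issuer, destination=CONSOLE_URL):
    """URL the sign-in page redirects the browser to; it holds only the token."""
    query = urllib.parse.urlencode({
        "Action": "login", "Issuer": issuer,
        "Destination": destination, "SigninToken": signin_token,
    })
    return f"{FEDERATION_ENDPOINT}?{query}"

def http_get_json(url):
    """Default fetcher for the sign-in token exchange (HTTPS GET, JSON reply)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def federate(sts_client, user_name, issuer, policy=READ_ONLY_S3, fetch=http_get_json):
    """Full flow: STS credentials -> sign-in token -> console redirect URL."""
    creds = get_temporary_credentials(sts_client, user_name, policy)
    token = fetch(signin_token_request_url(creds))["SigninToken"]
    return console_login_url(token, issuer)
```

In production, `sts_client` would be `boto3.client("sts")` running under the proxy's own long-term identity, and only the value returned by `federate` is sent to the browser.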
For a more detailed description of how to get started, see the Using Temporary Security Credentials guide.
where you replace the account-identifier with either the 12-digit account number for the account, or the alias you have created for the account. The alias is optional. If you don't want to create an alias, you can use your Account ID. You can always create the alias at a later stage if you want to.
where you replace the account-identifier with either the 12-digit AWS Account number for the account, or the account alias. The URL is also available on the IAM console dashboard.