AWS Identity and Access Management (IAM) Adds Support for SAML (Security Assertion Markup Language) 2.0

Posted on: Nov 11, 2013

AWS supports identity federation that makes it easier to manage users by maintaining their identities in a single place. We are excited to announce we’ve expanded our identity federation to include support for the Security Assertion Markup Language (SAML) 2.0, an open standard used by many identity providers. This new feature enables federated single sign-on (SSO), empowering users to log in to the AWS Management Console or make programmatic calls to AWS APIs by using assertions from a SAML-compliant identity provider, such as Shibboleth or Windows Active Directory Federation Services.

There are many great use cases that illustrate how identity federation makes user administration easier. For instance, if a user leaves your company, you can simply delete the user's corporate identity, which then also revokes access to AWS. End users also benefit because they only need to remember one username and password. Using SAML can make configuring federation with AWS easy, because system administrators can set it up using existing identity provider software instead of writing code.
