AWS Public Sector Blog

Tag: SAML

Enabling SAML 2.0 federation with AWS SSO and AWS GovCloud (US)

AWS SSO helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using AWS SSO as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. AWS SSO does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. AWS SSO is also not currently available in AWS GovCloud (US). As a result, AWS SSO cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in AWS SSO.
