AWS Security Blog

Tag: SAML

How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory

You can use federation to centrally manage access to multiple AWS accounts using credentials from your corporate directory. Federation is the practice of establishing trust between a system acting as an identity provider and other systems, often called service providers, that accept authentication tokens from that identity provider. Amazon Web Services (AWS) supports open federation […]

Read More

Introducing AWS Single Sign-On

Today, AWS introduced AWS Single Sign-On (AWS SSO), a service that makes it easy for you to centrally manage SSO access to multiple AWS accounts and business applications. AWS SSO provides a user portal so that your users can find and access all of their assigned accounts and applications from one place, using their existing […]

Read More

SAML Identity Federation: Follow-Up Questions, Materials, Guides, and Templates from an AWS re:Invent 2016 Workshop (SEC306)

As part of the re:Source Mini Con for Security Services at AWS re:Invent 2016, we conducted a workshop focused on Security Assertion Markup Language (SAML) identity federation: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery. As part of this workshop, attendees were able to submit their own federation-focused questions to […]

Read More

How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page

Identity federation enables your enterprise users (such as Active Directory users) to access the AWS Management Console via single sign-on (SSO) by using their existing credentials. In Security Assertion Markup Language (SAML) 2.0, RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO. When using […]

Read More

How to Set Up Uninterrupted, Federated User Access to AWS Using AD FS

Microsoft Active Directory Federation Services (AD FS) is a common identity provider that many AWS customers use to give federated users access to the AWS Management Console. AD FS uses multiple certificates to ensure secure communication between servers and to act as authentication mechanisms. One such mechanism is called the token-signing certificate. When the token-signing certificate expires, […]

Read More

How to Set Up SSO to the AWS Management Console for Multiple Accounts by Using AD FS and SAML 2.0

AWS supports Security Assertion Markup Language (SAML) 2.0, an open standard for identity federation used by many identity providers (IdPs). SAML enables federated single sign-on (SSO), which enables your users to sign in to the AWS Management Console or to make programmatic calls to AWS APIs by using assertions from a SAML-compliant IdP. Many of […]

Read More

AWS IAM Sessions at re:Invent 2015

As I said last week, the breakout sessions for the Security & Compliance track have been announced and are shown in the re:Invent 2015 session catalog. If you are going to re:Invent 2015, you can add these sessions to your schedule now. Today, I will highlight the AWS Identity and Access Management (IAM) sessions that […]

Read More

How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0

Note from March 27, 2019: The features and services described in this post have changed since the post was published and the procedures described might be out of date and no longer accurate. Specifically, the procedures have not been tested with ADFS 4.0. If we update this post or create a replacement, we’ll add a […]

Read More

How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS

Note 1: On August 12, 2015, I published a follow-up to this post, which is called How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0. Be sure to see that post if you want to implement a general federation solution (not specific to AD FS). Note 2: This post focuses on NTLM authentication, […]

Read More