Skip to main content
All CollectionsIntegrations
How do I integrate SSO for AWS?
How do I integrate SSO for AWS?
Devonte Lowe avatar
Written by Devonte Lowe
Updated over a week ago

Here's a step-by-step guide for setting up a SAML connection for AWS Single Sign-On:

  1. Go to the AWS SSO console and click on "Identity source" in the left-hand menu.

  2. Click on the "Add a new identity source" button.

  3. Select "SAML" as the identity source type.

  4. Enter a name for your identity source and click on "Next".

  5. On the "Set up SSO with SAML" page, click on the "Download AWS SSO SAML metadata" button. This will download an XML file containing the AWS SSO SAML metadata.

  6. Open the XML file in a text editor and copy the contents.

  7. Go to your Halo Security SAML Authentication overview page.

  8. Paste the AWS SSO SAML metadata into the appropriate fields (Issuer Entity ID, SAML URL ID, and Certificate)

  9. Configure the SAML application with the following settings:
    - Single sign-on URL: https://your-aws-sso-instance.awsapps.com/start
    - Audience URI (SP Entity ID): urn:amazon:webservices

  10. Save the SAML application settings in the Halo Security console.

  11. In the AWS SSO console, click on "Attribute mappings" in the left-hand menu.

  12. Map the SAML attributes from your identity provider to the corresponding AWS SSO attributes.

  13. Click on "Review and create" in the left-hand menu.

  14. Review your settings and click on "Create identity source" to create the SAML connection.

Ensure that you have enabled the SAML integration from the Halo Security SAML setup page.
โ€‹

That's it! You should now be able to use your SAML identity provider to sign in to AWS Single Sign-On.

Did this answer your question?