Integrating third-party SAML solution providers with Amazon - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Integrating third-party SAML solution providers with Amazon


We recommend that you require your human users to use temporary credentials when accessing Amazon. Have you considered using Amazon IAM Identity Center? You can use IAM Identity Center to centrally manage access to multiple Amazon Web Services accounts and provide users with MFA-protected, single sign-on access to all their assigned accounts from one place. With IAM Identity Center, you can create and manage user identities in IAM Identity Center or easily connect to your existing SAML 2.0 compatible identity provider. For more information, see What is IAM Identity Center? in the Amazon IAM Identity Center User Guide.

The following links help you configure third-party SAML 2.0 identity provider (IdP) solutions to work with Amazon federation.


Amazon Support engineers can assist customers who have business and enterprise support plans with some integration tasks that involve third-party software. For a current list of supported platforms and applications, see What third-party software is supported? in the Amazon Support FAQs.

Solution More information
Auth0 Integrate with Amazon Web Services – This page on the Auth0 documentation website has links to resources that describe how to set up single sign-on (SSO) with the Amazon Web Services Management Console and includes a JavaScript example. You can configure Auth0 to pass session tags. For more information, see Auth0 Announces Partnership with Amazon for IAM Session Tags.
Microsoft Entra Tutorial: Microsoft Entra SSO integration with Amazon Single-Account Access – This tutorial on the Microsoft website describes how to set up Microsoft Entra (formerly known as Azure AD) as an identity provider (IdP) using SAML federation.
Centrify Configure Centrify and Use SAML for SSO to Amazon – This page on the Centrify website explains how to configure Centrify to use SAML for SSO to Amazon.
CyberArk Configure CyberArk to provide Amazon Web Services (Amazon) access to users logging in through SAML single sign-on (SSO) from the CyberArk User Portal.
ForgeRock The ForgeRock Identity Platform integrates with Amazon. You can configure ForgeRock to pass session tags. For more information, see Attribute Based Access Control for Amazon Web Services.
Google Workspace Amazon Web Services cloud application – This article on the Google Workspace Admin Help site describes how to configure Google Workspace as a SAML 2.0 IdP with Amazon as the service provider.
IBM You can configure IBM to pass session tags. For more information, see IBM Cloud Identity IDaaS one of first to support Amazon session tags.
JumpCloud Granting Access via IAM Roles for Single Sign On (SSO) with Amazon Amazon – This article on the JumpCloud website describes how to set up and enable SSO based on IAM roles for Amazon.
Matrix42 MyWorkspace Getting Started Guide – This guide describes how to integrate Amazon identity services with Matrix42 MyWorkspace.
Microsoft Active Directory Federation Services (AD FS)

Field Notes: Integrating Active Directory Federation Service with Amazon IAM Identity Center – This post on the Amazon Architecture Blog explains the authentication flow between AD FS and Amazon IAM Identity Center (IAM Identity Center). IAM Identity Center supports identity federation with SAML 2.0, allowing integration with AD FS solutions. Users can sign in to the IAM Identity Center portal with their corporate credentials reducing the admin overhead of maintaining separate credentials on IAM Identity Center. You can also configure AD FS to pass session tags. For more information, see Use attribute-based access control with AD FS to simplify IAM permissions management.

miniOrange SSO for Amazon – This page on the miniOrange website describes how to establish secure access to Amazon for enterprises and full control over access of Amazon applications.
Okta Integrating the Amazon Web Services Command Line Interface Using Okta – From this page on the Okta support site you can learn how to configure Okta for use with Amazon. You can configure Okta to pass session tags. For more information, see Okta and Amazon Partner to Simplify Access Via Session Tags.
Okta Amazon Account Federation – This section on the Okta website describes how to set up and enable IAM Identity Center for Amazon.
OneLogin From the OneLogin Knowledgebase, search for SAML Amazon for a list of articles that explain how to set up IAM Identity Center functionality between OneLogin and Amazon for a single-role and multi-role scenarios. You can configure OneLogin to pass session tags. For more information, see OneLogin and Session Tags: Attribute-Based Access Control for Amazon Resources.
Ping Identity

PingFederate Amazon Connector – View details about the PingFederate Amazon Connector, a quick connection template to easily set up a single sign-on (SSO) and provisioning connection. Read documentation and download the latest PingFederate Amazon Connector for integrations with Amazon. You can configure Ping Identity to pass session tags. For more information, see Announcing Ping Identity Support for Attribute-Based Access Control in Amazon.

RadiantLogic Radiant Logic Technology Partners – Radiant Logic's RadiantOne Federated Identity Service integrates with Amazon to provide an identity hub for SAML-based SSO.
RSA Amazon - RSASecurID Access Implementation Guide provides guidance for integrating Amazon and RSA SecurID Access. You can configure RSA SecurID Access to pass session tags during sign in as part of the SAML assertion. For more information on SAML configuration, see SSOAgent - SAMLConfiguration - Amazon RSA Ready SecurID Access Implementation Guide. How to configure SSO from Salesforce to Amazon – This how-to article on the developer site describes how to set up an identity provider (IdP) in Salesforce and configure Amazon as a service provider.
SecureAuth Amazon - SecureAuth SAML SSO – This article on the SecureAuth website describes how to set up SAML integration with Amazon for a SecureAuth appliance.
Shibboleth How to Use Shibboleth for SSO to the Amazon Web Services Management Console – This entry on the Amazon Security Blog provides a step-by-step tutorial on how to set up Shibboleth and configure it as an identity provider for Amazon. You can configure Shibboleth to pass session tags.

For more details, see the IAM Partners page on the Amazon website.