Integrate third-party SAML solution providers with Amazon
Note
We recommend that you require your human users to use temporary credentials when accessing Amazon. Have you considered using Amazon IAM Identity Center? You can use IAM Identity Center to centrally manage access to multiple Amazon Web Services accounts and provide users with MFA-protected, single sign-on access to all their assigned accounts from one place. With IAM Identity Center, you can create and manage user identities in IAM Identity Center or easily connect to your existing SAML 2.0 compatible identity provider. For more information, see What is IAM Identity Center? in the Amazon IAM Identity Center User Guide.
The following links help you configure third-party SAML 2.0 identity provider (IdP) solutions to work with Amazon federation.
Tip
Amazon Support engineers can assist customers who have business and enterprise support
plans with some integration tasks that involve third-party software. For a current list of
supported platforms and applications, see What
third-party software is supported?
Solution | More information |
---|---|
Auth0 |
Integrate with Amazon Web Services |
Microsoft Entra |
Tutorial: Microsoft Entra SSO integration with Amazon Single-Account Access |
Centrify | Configure
Centrify and Use SAML for SSO to Amazon |
CyberArk | Configure CyberArk |
ForgeRock | The ForgeRock Identity Platform |
Google Workspace | Amazon Web Services cloud
application |
IBM | You can configure IBM to pass session tags.
For more information, see IBM Cloud Identity IDaaS one of first to support Amazon session tags |
JumpCloud |
Granting Access via IAM Roles for Single Sign On (SSO) with Amazon Amazon |
Matrix42 | MyWorkspace Getting Started Guide |
Microsoft Active Directory Federation Services (AD FS) |
Field Notes: Integrating Active Directory Federation Service with Amazon IAM Identity Center |
miniOrange | SSO
for Amazon |
Okta |
Integrating the Amazon Web Services Command Line Interface Using Okta |
Okta | Amazon Account Federation |
OneLogin | From the OneLogin
KnowledgebaseSAML Amazon for a list of
articles that explain how to set up IAM Identity Center functionality between OneLogin and Amazon for a
single-role and multi-role scenarios. You can configure OneLogin to pass session tags. For more information, see OneLogin and Session
Tags: Attribute-Based Access Control for Amazon Resources |
Ping Identity |
PingFederate Amazon Connector |
RadiantLogic | Radiant Logic Technology Partners |
RSA | Amazon Web Services - RSA Ready Implementation Guide |
Salesforce.com |
How to
configure SSO from Salesforce to Amazon |
SecureAuth |
Amazon - SecureAuth SAML SSO |
Shibboleth |
How to Use Shibboleth for SSO to the Amazon Web Services Management Console |
For more details, see the IAM Partners