Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Browser SAML credentials

Browser SAML is a generic authentication plugin that can work with SAML-based identity providers and supports multi-factor authentication.

Credentials provider

The credentials provider that will be used to authenticate requests to Amazon. Set the value of this parameter to BrowserSaml.

Single sign-on login URL

The single sign-on URL for your application on the SAML-based identity provider.

Listen port

The port number that is used to listen for the SAML response. This value should match the URL with which you configured the SAML-based identity provider (for example, http://localhost:7890/athena).

Identity provider response timeout

The duration, in seconds, before the driver stops waiting for the SAML response from Azure AD.

Preferred role

The Amazon Resource Name (ARN) of the role to assume. For information about ARN roles, see AssumeRole in the Amazon Security Token Service API Reference.

Role session duration

The duration, in seconds, of the role session. For more information, see AssumeRole in the Amazon Security Token Service API Reference.

Lake Formation enabled

Specifies whether to use the AssumeDecoratedRoleWithSAML Lake Formation API action to retrieve temporary IAM credentials instead of the AssumeRoleWithSAML Amazon STS API action.