Step 1: Create an IAM role for IAM single sign-on access
If you don't use an identity provider for single sign-on access, you can skip this step.
If you already manage user identities outside of Amazon, you can authenticate users for access to an Amazon Redshift database by integrating IAM authentication with a third-party SAML 2.0 identity provider (IdP).
For more information, see Identity Providers and Federation in the IAM User Guide.
Before you can use Amazon Redshift IdP authentication, create an Amazon SAML identity provider. You create an IdP in the IAM console to inform Amazon about the IdP and its configuration. Doing this establishes trust between your Amazon account and the IdP. For steps to create a role, see Creating a Role for SAML 2.0 Federation (Console) in the IAM User Guide.
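The following is an added example, not part of the original guide: a Python check that a role trust policy for SAML 2.0 federation names a specific SAML provider and restricts the audience, so the trust established with the IdP is not broader than intended. The sample policy, the account ID, and the provider name `ExampleIdP` are constructed placeholders, and `lint_saml_trust_policy` is a hypothetical helper.

```python
import json
import re

# Constructed sample trust policy; account ID and provider name are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/ExampleIdP"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}
  }]
}
""")

# Any partition is accepted; the principal must be one named SAML provider.
SAML_PROVIDER_ARN = re.compile(r"^arn:[a-z0-9-]+:iam::\d{12}:saml-provider/[\w+=,.@-]+$")

def as_list(value):
    """IAM policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def lint_saml_trust_policy(policy):
    """Return findings for Allow statements that grant sts:AssumeRoleWithSAML."""
    findings, saml_statements = [], 0
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or "sts:assumerolewithsaml" not in actions:
            continue
        saml_statements += 1
        principal = stmt.get("Principal", {})
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not federated or not all(isinstance(p, str) and SAML_PROVIDER_ARN.match(p) for p in federated):
            findings.append(f"statement {i}: Principal is not a specific SAML provider ARN")
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "saml:aud" not in keys:
            findings.append(f"statement {i}: no SAML:aud condition restricts the audience")
    if saml_statements == 0:
        findings.append("no Allow statement grants sts:AssumeRoleWithSAML")
    return findings

if __name__ == "__main__":
    print(lint_saml_trust_policy(SAMPLE_TRUST_POLICY) or "trust policy looks scoped")
```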