articles/integrations/aws/sso.md
+28-50
@@ -1,5 +1,5 @@
1
1
---
2
-
description: How to use Single Sign-on (SSO) with AWS
2
+
description: Learn how to use Single Sign-on (SSO) with AWS using the SAML2 Web App addon.
3
3
toc: true
4
4
topics:
5
5
- integrations
@@ -18,13 +18,11 @@ By integrating Auth0 with AWS, you'll allow your users to log in to AWS using an
18
18
19
19
## Configure Auth0
20
20
21
-
Log in to the [Management Dashboard](${manage_url}/#/applications), and create a new [Application](/application) (you can also use an existing Application if you'd like). On the **Addons** tab, enable the **SAML2 Web App** addon.
21
+
1.Log in to the [Management Dashboard](${manage_url}/#/applications), and create a new [Application](/application) (you can also use an existing Application if you'd like). On the **Addons** tab, enable the **SAML2 Web App** addon.
You'll be asked to configure this add-on using the pop-up that appears immediately after you've enabled the SAML2 Web App.
26
-
27
-
On the **Settings** tab, populate **Application <dfndata-key="callback">Callback URL</dfn>** with `https://signin.aws.amazon.com/saml` and paste the following <dfndata-key="security-assertion-markup-language">SAML</dfn> configuration code into **Settings**:
25
+
2. Configure this add-on using the pop-up that appears immediately after you've enabled the SAML2 Web App. On the **Settings** tab, populate **Application <dfndata-key="callback">Callback URL</dfn>** with `https://signin.aws.amazon.com/saml` and paste the following <dfndata-key="security-assertion-markup-language">SAML</dfn> configuration code into **Settings**:
28
26
29
27
```js
30
28
{
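Review bot: the added line `1.Log in to the [Management Dashboard]...` has no space between the list number and the text, so Markdown will not render it as an ordered-list item (CommonMark needs at least one space after the `.`); change it to `1. Log in to the ...` so it lines up with the `2. Configure this add-on ...` item that follows. The unchanged context line `You'll be asked to configure this add-on using the pop-up that appears immediately after you've enabled the SAML2 Web App.` now repeats the opening sentence of the new step 2 and should be dropped in the same change, otherwise readers see the instruction twice. Since the `Application Callback URL` value `https://signin.aws.amazon.com/saml` is the one piece of configuration a typo silently breaks, it is worth saying in step 2 that it must be entered exactly as shown.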
@@ -44,64 +42,46 @@ On the **Settings** tab, populate **Application <dfn data-key="callback">Callbac

48
46
49
-
Scroll to the bottom and click **Enable**.
47
+
3.Scroll to the bottom and click **Enable**.
50
48
51
-
Click over to the **Usage** tab. You'll need to configure Auth0 as the identity provider (IdP) for AWS, which requires you to provide the appropriate metadata to AWS. You can obtain a file containing this information by clicking **Identity Provider Metadata**.
49
+
4.Click over to the **Usage** tab. You'll need to configure Auth0 as the identity provider (IdP) for AWS, which requires you to provide the appropriate metadata to AWS. You can obtain a file containing this information by clicking **Identity Provider Metadata**.

54
52
55
53
## Configure AWS
56
54
57
-
At this point, you're ready to continue the configuration process from the AWS side.
58
-
59
-
Log in to AWS, and navigate to the [IAM console](https://console.aws.amazon.com/iam). Using the left-hand navigation menu, under **Access Management**, select **Identity Providers**. Click **Create Provider**.
1. Log in to AWS, and navigate to the [IAM console](https://console.aws.amazon.com/iam). Using the left-hand navigation menu, under **Access Management**, select **Identity Providers**. Click **Create Provider**.
72
56
73
-
Click **Next Step**. Verify your settings and click **Create** if everything is correct.
57
+
2. Set the following parameters:
74
58
75
-
To use the provider, you must create an IAM role using the provider in the role's trust policy.
59
+
| Parameter | Description and Sample Value |
60
+
| - | - |
61
+
| Provider Type | The type of provider. Set as `SAML`|
62
+
| Provider Name | A descriptive name for the provider, such as `auth0SamlProvider`|
63
+
| Metadata Document | Upload the file containing the Auth0 metadata you downloaded in the previous step here. |
76
64
77
-
In the sidebar, under **Access Management**, navigate to **[Roles](https://console.aws.amazon.com/iam/home#/roles)**. Click **Create Role**.
65
+
3. Click **Next Step**. Verify your settings and click **Create** if everything is correct.
4. To use the provider, you must create an IAM role using the provider in the role's trust policy. In the sidebar, under **Access Management**, navigate to **[Roles](https://console.aws.amazon.com/iam/home#/roles)**. Click **Create Role**.
80
68
81
-
On the next page, you will be asked to select the type of trusted entity. Select **SAML 2.0 Federation**.
69
+
5.On the next page, you will be asked to select the type of trusted entity. Select **SAML 2.0 Federation**.
82
70
83
-
When prompted, set the provider you created above as the **SAML provider**. Select **Allow programmatic and AWS Management Console access**. Click **Next** to proceed.
71
+
6.When prompted, set the provider you created above as the **SAML provider**. Select **Allow programmatic and AWS Management Console access**. Click **Next** to proceed.
7. On the **Attach Permission Policies** page, select the appropriate policies to attach to the role. These define the permissions that users granted this role will have with AWS. For example, to grant your users read-only access to IAM, filter for and select the `IAMReadOnlyAccess` policy. Once you are done, click **Next Step**.
86
74
87
-
On the **Attach Permission Policies**page, select the appropriate policies to attach to the role. These define the permissions that users granted this role will have with AWS. For example, to grant your users read-only access to IAM, filter for and select the `IAMReadOnlyAccess` policy. Once you are done, click **Next Step**.
75
+
8. The third **Create Role**screen is **Add Tags**. You can use tags to organize the roles you create if you will be creating a significant number of them.
9. On the **Review** page, set the **Role Name** and review your settings. Provide values for the following parameters:
90
78
91
-
The third **Create Role** screen is **Add Tags**. You can use tags to organize the roles you create if you will be creating a significant number of them.
79
+
| Parameter | Definition |
80
+
| - | - |
81
+
| Role name | A descriptive name for your role |
82
+
| Role description | A description of what your role is used for |
Finally, on the **Review** page, set the **Role Name** and review your settings. Provide values for the following parameters:
96
-
97
-
| Parameter | Definition |
98
-
| - | - |
99
-
| Role name | A descriptive name for your role |
100
-
| Role description | A description of what your role is used for |
101
-
102
-
Review the **Trusted entities** and **Policies** information, then click **Create Role**. At this point, you'll have created the necessary role to associate with your provider.
10. Review the **Trusted entities** and **Policies** information, then click **Create Role**. At this point, you'll have created the necessary role to associate with your provider.
You can also assign an array to the role mapping (so you'd have `awsRoles = [ role1, role2 ]` instead of `awsRoles: role1`)
157
137
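Review bot: the new step lines `3.Scroll to the bottom ...`, `4.Click over to the **Usage** tab ...`, `5.On the next page ...` and `6.When prompted ...` are missing the space after the number, so they will not render as ordered-list items and the list numbering will break between steps 2, 7 and 8; add the space on each. In step 8, `The third **Create Role**screen is **Add Tags**` lost the space after the closing bold marker (the removed line had the same defect in `**Attach Permission Policies**page`), which renders as `Create Rolescreen`. Step 4 says the role must reference the provider in its trust policy but the hunk never shows what that policy looks like; showing the generated trust policy (the provider ARN as the federated principal, allowing `sts:AssumeRoleWithSAML`) would let readers verify the console output and understand why step 5's `SAML 2.0 Federation` choice matters. The step 7 example of attaching `IAMReadOnlyAccess` is a good least-privilege default and is worth keeping as the worked example. Finally, the array note mixes two syntaxes, `awsRoles = [ role1, role2 ]` versus `awsRoles: role1`; since the rule assigns a property, write both in the same form, e.g. `awsRoles: [ role1, role2 ]` instead of `awsRoles: role1`.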
@@ -224,6 +204,4 @@ function (user, context, callback) {
224
204
225
205
You are now set up for <dfndata-key="single-sign-on">Single Sign-on (SSO)</dfn> to AWS. You can find the `Identity Provider Login URL` on the [Management Dashboard](${manage_url}). Open up your [application](${manage_url}/#/applications) to the **SAML2 Addon** settings area, and click over to the **Usage** tab.
To test the SSO, navigate to the URL indicated. You should be redirected to the Auth0 sign in page. If you successfully sign in, you'll be redirected again, this time to AWS.