Commit

update FAQs with screenshots
cnuss committed Sep 27, 2022
1 parent 91bbcec commit 6f58305
Showing 3 changed files with 16 additions and 6 deletions.
22 changes: 16 additions & 6 deletions FAQS.md
@@ -1,15 +1,25 @@
# Frequently Asked Questions

## "I have many repositories that need this action, but creating a SAML Provider in AWS per-repository won't scale. What should I do?"
## I now have a slew of `saml-to.yml` files across many repositories, and it's quite repetitive.

### Option 1 (Less Secure)
If you have multiple SAML.to files across many repositiories, they can be consolidated into one configuration file in a single repository in your GitHub Organization. It can be used delegate access to other repositories.

Need more info on this? [Message us on Gitter](https://gitter.im/saml-to/assume-aws-role-action).

## I have many repositories that need this action, but creating a SAML Provider in AWS per-repository won't scale.

If all repositories need access to the same role, make a new "Shared Provider" (sans the Repository Name) and place that in the various `saml-to.yml` configuration files.

Need more info on this? [Message us on Gitter](https://gitter.im/saml-to/assume-aws-role-action).
### Step 1 - Create a "Shared Provider"

![Add a Provider](./assets/faq/add-provider.png)

1. When creating a provider, set the name to something generic, but unique to your AWS account. In this example, it's named as `saml.to`.

1. Download your [`IdP Metadata`](https://saml.to/metadata) for your organization from SAML.to.

### Option 2 (More Secure)
### Step 2 - Update each of the `saml-to.yml` file(s) to use the "Shared Provider"

[SAML.to](https://saml.to) allows you to consolidate many `saml-to.yml` configuration files into a single file in a centralized repository.
![saml-to.yml config](./assets/faq/update-config.png)

We're happy to walk you though this process, so [message us on Gitter](https://gitter.im/saml-to/assume-aws-role-action).
1. Change the `https://aws.amazon.com/SAML/Attributes/Role` to use the name of the "Shared Provider"
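
Review bot: The Step 1 / Step 2 rewrite of the shared-provider answer appears to drop the `### Option 1 (Less Secure)` and `### Option 2 (More Secure)` headings, so the FAQ no longer tells the reader that the "Shared Provider" route was the one labelled less secure. If that assessment still holds, keep a sentence under "I have many repositories that need this action..." stating the trade-off before the steps. In the new consolidation answer, "repositiories" should be "repositories" and "It can be used delegate access" is missing "to". Step 2's only instruction, "Change the `https://aws.amazon.com/SAML/Attributes/Role` to use the name of the "Shared Provider"", depends on the screenshot to show which part of the value changes; spell out the before and after in text so the step is usable without the image. Step 1 also stops at downloading the IdP Metadata without saying what to do with the file.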
Binary file added assets/faq/add-provider.png
Binary file added assets/faq/update-config.png