Amazon Web Services (SAML)

If you’re trying to configure the Amazon Web Services: SAML app, you’re in the right place.

Amazon Web Services (SAML) requirements for SSO

Before you configure the Amazon Web Services (AWS) web application for SSO, you need the following:

  • An active Amazon Web Services account with administrator rights for your organization.
  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.
Adding Amazon Web Services (SAML) in Admin Portal

Centrify Amazon Web Services CLI utilities

Centrify offers Python and PowerShell CLI utilities to access Amazon Web Services by leveraging Centrify Privileged Access Services. The AWS CLI utilities are available from the Downloads area of the Admin Portal.

Refer to developer.idaptive.com for more information about how to install and use the AWS CLI utilities.

AWS (SAML) Specifications

Each SAML application is different. The following table lists features and functionality specific to Amazon Web Services.

| Capability | Supported? | Support details |
|---|---|---|
| Web browser client | Yes | |
| Mobile client | Yes | iOS and Android |
| SAML 2.0 | Yes | |
| SP-initiated SSO | No | |
| IdP-initiated SSO | Yes | |
| Force user login via SSO only | No | After SSO is enabled, users can continue to log in to Amazon Web Services with their local user name and password. |
| Separate administrator login after SSO is enabled | Yes | After SSO is enabled, administrators can continue to log in to Amazon Web Services with their local user name and password. |
| User lockout | No | |
| Administrator lockout | No | |
| Multiple User Types | Yes | Refer to Amazon Web Services documentation for details. |
| Self-service password | Yes | Users can reset their own passwords. Note that administrators cannot reset a user’s password. |
| Access restriction using a corporate IP range | Yes | You can specify an IP Range in the Admin Portal Policy page to restrict access to the application. |
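
Because SSO-only login cannot be forced, IAM users who have a local password can still sign in to AWS directly after SSO is enabled. The following added example (not part of the original page or of Centrify's CLI utilities) lists those users from an IAM credential report; the sample report is constructed and trimmed to the columns used, and the function name is an assumption.

```python
import csv
import io

# Constructed sample in the column layout of an IAM credential report
# (the CSV returned by `aws iam get-credential-report`), trimmed to the
# columns used below. Account ID, users and dates are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2019-06-30T09:12:44+00:00,true
alice,arn:aws:iam::111122223333:user/alice,true,2019-07-20T14:03:10+00:00,false
bob,arn:aws:iam::111122223333:user/bob,true,no_information,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false
"""


def local_console_logins(report_csv):
    """Return IAM users that can still sign in with a local password."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # root always has a password; review it separately
        if row["password_enabled"].lower() != "true":
            continue  # no console password, so no local login path
        last_used = row["password_last_used"]
        if last_used in ("no_information", "N/A"):
            last_used = None  # password exists but no recorded use
        findings.append({
            "user": row["user"],
            "mfa": row["mfa_active"].lower() == "true",
            "last_password_login": last_used,
        })
    # Passwords without MFA sort first: they are the weakest local path.
    return sorted(findings, key=lambda f: (f["mfa"], f["user"]))


if __name__ == "__main__":
    for f in local_console_logins(SAMPLE_REPORT):
        mfa = "MFA" if f["mfa"] else "NO MFA"
        used = f["last_password_login"] or "never/unknown"
        print(f"{f['user']:<12} {mfa:<7} last password login: {used}")
```
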


    last updated: Jul 23, 2019