Amazon Web Services (SAML)

If you’re trying to configure the Amazon Web Services: SAML app, you’re in the right place.

Amazon Web Services (SAML) requirements for SSO

Before you configure the Amazon Web Services (AWS) web application for SSO, you need the following:

  • An active Amazon Web Services account with administrator rights for your organization.
  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.

Centrify Amazon Web Services CLI utilities

Centrify offers Python and PowerShell CLI utilities to access Amazon Web Services by leveraging Privileged Access Service. The AWS CLI utilities are available from the Downloads area of the Admin Portal.

Refer to The Centrify Developer Program for more information about how to install and use the AWS CLI utilities.

AWS (SAML) Specifications

Each SAML application is different. The following table lists features and functionality specific to Amazon Web Services.

| Capability | Supported? | Support details |
|---|---|---|
| Web browser client | Yes | |
| Mobile client | Yes | iOS and Android |
| SAML 2.0 | Yes | |
| SP-initiated SSO | No | |
| IdP-initiated SSO | Yes | |
| Force user login via SSO only | No | After SSO is enabled, users can continue to log in to Amazon Web Services with their local user name and password. |
| Separate administrator login after SSO is enabled | Yes | After SSO is enabled, administrators can continue to log in to Amazon Web Services with their local user name and password. |
| User lockout | No | |
| Administrator lockout | No | |
| Multiple User Types | Yes | Refer to Amazon Web Services documentation for details. |
| Self-service password | Yes | Users can reset their own passwords. Note that administrators cannot reset a user’s password. |
| Access restriction using a corporate IP range | Yes | You can specify an IP Range in the Admin Portal Policy page to restrict access to the application. |
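
Because SSO-only login cannot be enforced, local console passwords remain a valid sign-in path after SSO is enabled. The following is an added example, not Centrify or AWS code: it reads an IAM credential report CSV and lists users who still have a console password, noting whether it was used after SSO went live. The sample rows and the `SSO_ENABLED_AT` cut-over date are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads; a real report has more).
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-01-10T08:00:00+00:00,true
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-02T09:15:00+00:00,false
bob,arn:aws:iam::111122223333:user/bob,true,no_information,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false
"""

# Assumed date on which SSO was switched on (hypothetical value).
SSO_ENABLED_AT = datetime(2024, 3, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def local_password_users(report_csv, sso_enabled_at):
    """List IAM users that can still sign in with a local console password."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] != "true":
            continue  # no console password (root shows not_supported here)
        last_used = parse_ts(row["password_last_used"])
        findings.append({
            "user": row["user"],
            "mfa": row["mfa_active"] == "true",
            # True means the local password bypassed SSO after cut-over.
            "used_after_sso": last_used is not None and last_used >= sso_enabled_at,
        })
    return findings


if __name__ == "__main__":
    for finding in local_password_users(SAMPLE_REPORT, SSO_ENABLED_AT):
        print(finding)
```

Users flagged with `used_after_sso` are signing in around the identity provider; users with a password but no MFA are the first candidates for having their console password removed.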