Amazon Web Services (SAML)

If you’re trying to configure the Amazon Web Services: SAML app, you’re in the right place.

Amazon Web Services (SAML) requirements for SSO

Before you configure the Amazon Web Services (AWS) web application for SSO, you need the following:

  • An active Amazon Web Services account with administrator rights for your organization.
  • A signed certificate. You can either download one from Admin Portal or use your organization’s trusted certificate.

Adding Amazon Web Services (SAML) in Admin Portal

Centrify Amazon Web Services CLI utilities

Centrify offers Python and PowerShell CLI utilities to access Amazon Web Services by leveraging Privileged Access Service. The AWS CLI utilities are available from the Downloads area of the Admin Portal.

Refer to The Centrify Developer Program for more information about how to install and use the AWS CLI utilities.

AWS (SAML) Specifications

Each SAML application is different. The following table lists features and functionality specific to Amazon Web Services.

Support details

  • Web browser client
  • Mobile client: iOS and Android
  • SAML 2.0
  • SP-initiated SSO
  • IdP-initiated SSO
  • Force user login via SSO only: After SSO is enabled, users can continue to log in to Amazon Web Services with their local user name and password.
  • Separate administrator login after SSO is enabled: After SSO is enabled, administrators can continue to log in to Amazon Web Services with their local user name and password.
  • User lockout
  • Administrator lockout
  • Multiple User Types: Refer to Amazon Web Services documentation for details.
  • Self-service password: Users can reset their own passwords. Note that administrators cannot reset a user’s password.
  • Access restriction using a corporate IP range: You can specify an IP Range in the Admin Portal Policy page to restrict access to the application.
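
Because users and administrators can still log in with a local user name and password after SSO is enabled, it is worth checking which IAM users still hold a console password. The following Python is an added example, not Centrify or AWS code: it reads a CSV in the IAM credential report column layout and lists those users. The sample report, the cutover date and the `breakglass` account name are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using column names from the IAM credential report
# (the real report has more columns; all values here are made up).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-01-05T09:00:00+00:00,true
alice,arn:aws:iam::111122223333:user/alice,true,2024-06-10T08:30:00+00:00,false
bob,arn:aws:iam::111122223333:user/bob,false,N/A,false
carol,arn:aws:iam::111122223333:user/carol,true,2024-02-01T12:00:00+00:00,true
breakglass,arn:aws:iam::111122223333:user/breakglass,true,no_information,true
"""


def parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def local_login_findings(report_csv, sso_enabled_on, expected_local=()):
    """List IAM users who can still sign in to the console with a local password."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The root row reports not_supported here and needs separate review.
        if row["password_enabled"] != "true":
            continue
        last_used = parse_ts(row["password_last_used"])
        findings.append({
            "user": row["user"],
            "expected": row["user"] in expected_local,
            "mfa": row["mfa_active"] == "true",
            "used_since_sso": last_used is not None and last_used >= sso_enabled_on,
        })
    # Unexpected accounts that were actually used after the cutover come first.
    findings.sort(key=lambda f: (f["expected"], not f["used_since_sso"], f["mfa"]))
    return findings


if __name__ == "__main__":
    cutover = datetime(2024, 3, 1, tzinfo=timezone.utc)  # assumed SSO go-live date
    for f in local_login_findings(SAMPLE_REPORT, cutover, expected_local={"breakglass"}):
        print(f)
```

To run it against a real account, pass the decoded CSV returned by `aws iam get-credential-report` instead of `SAMPLE_REPORT`.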