Enabling Web Single Sign-On in the AWS Console

Before you integrate AWS in Access Manager, you must enable web single sign-on (SSO) in the AWS console. To enable web SSO, perform the following steps:

  1. Download the Access Manager SAML 2.0 metadata from https://<www.idp.com:8443>/nidp/saml2/metadata, where <www.idp.com:8443> is the host and port of your Identity Server. Save it as a local file named nam-saml2-metadata.xml.

  2. Log in to AWS.

  3. Click Security & Identity > Identity & Access Management > Identity Providers > Create Provider.

  4. Specify the following details:

    1. Provider Type: Select SAML.

    2. Provider Name: Specify a name. For example, NAM-IDP.

    3. Metadata Document: Select the file that you saved in Step 1.

  5. Verify the provider information and click Create.

  6. On the dashboard, click Roles > Create New Role.

  7. Specify a role name.

  8. Click Next.

  9. Select Role for Identity Provider Access > Grant Web Single Sign-On (WebSSO) access to [SAML providers].

  10. Click Next Step.

  11. On the Attach Policy page, select the policies that federated users assuming this role should receive.

  12. Click Next Step.

  13. Review the role information. Make a note of the Role ARN and the Trusted Entities.

  14. Click Create Role.
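Two points in this procedure are worth checking rather than trusting the console: that the file uploaded in step 4 really is identity-provider metadata (a login page or SP metadata saved by mistake is a common failure), and that the role trust policy generated by the WebSSO option in step 9 scopes the trust to the named provider and to assertions presented to the AWS sign-in endpoint. The script below is an added example, not code from the Access Manager or AWS documentation; the metadata document is a constructed stand-in for nam-saml2-metadata.xml, the account ID 123456789012 is a placeholder, and the provider name NAM-IDP is the one used in step 4 above.

```python
"""Sanity-check SAML IdP metadata and build/inspect the IAM trust policy that
the 'Grant Web Single Sign-On (WebSSO) access' role option creates.
Added example: not part of the Access Manager or AWS documentation."""
import json
import xml.etree.ElementTree as ET

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Fixed AWS sign-in endpoint that SAML assertions for the console are presented to.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Constructed stand-in for the downloaded nam-saml2-metadata.xml (not a real export).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.idp.com:8443/nidp/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://www.idp.com:8443/nidp/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text):
    """Return (entityID, SSO endpoint URL) from SAML 2.0 IdP metadata.

    Raises ValueError when the document is not well-formed XML, is not an
    md:EntityDescriptor, or carries no IDPSSODescriptor (for example an HTML
    error page or service-provider metadata saved under the wrong name)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML: %s" % exc)
    if root.tag != "{%s}EntityDescriptor" % SAML_MD_NS:
        raise ValueError("root element is %s, expected md:EntityDescriptor" % root.tag)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    idp = root.find("{%s}IDPSSODescriptor" % SAML_MD_NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    sso = idp.find("{%s}SingleSignOnService" % SAML_MD_NS)
    if sso is None or not sso.get("Location"):
        raise ValueError("IDPSSODescriptor has no SingleSignOnService endpoint")
    return entity_id, sso.get("Location")


def build_saml_trust_policy(account_id, provider_name):
    """Trust policy allowing only the named SAML provider to assume the role,
    and only with an assertion presented to the AWS sign-in endpoint.
    This mirrors what the console generates for a WebSSO role."""
    provider_arn = "arn:aws:iam::%s:saml-provider/%s" % (account_id, provider_name)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


def trust_policy_is_scoped(policy):
    """Return True when every sts:AssumeRoleWithSAML statement keeps the
    SAML:aud condition. Use this on a policy read back from IAM to detect a
    later edit that widened the trust beyond the AWS sign-in endpoint."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Action") != "sts:AssumeRoleWithSAML":
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("SAML:aud") != AWS_SAML_AUDIENCE:
            return False
    return True


if __name__ == "__main__":
    entity_id, sso_url = check_idp_metadata(SAMPLE_METADATA)
    print("IdP entityID:", entity_id)
    print("SSO endpoint:", sso_url)
    # 123456789012 is a placeholder account ID; NAM-IDP is the provider name from step 4.
    print(json.dumps(build_saml_trust_policy("123456789012", "NAM-IDP"), indent=2))
```

The same objects can be created from the AWS CLI instead of the console: `aws iam create-saml-provider --name NAM-IDP --saml-metadata-document file://nam-saml2-metadata.xml`, then `aws iam create-role --role-name <role> --assume-role-policy-document file://trust.json` with the JSON printed above, and `aws iam attach-role-policy` for each policy chosen in step 11. Running `trust_policy_is_scoped` over the `AssumeRolePolicyDocument` returned by `aws iam get-role` is a cheap periodic check that the trust has not been loosened since the role was created.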