Amazon AppStream 2.0
Developer Guide

AppStream 2.0 Integration with SAML 2.0

For more information about additional supported SAML providers, see Integrating Third-Party SAML Solution Providers with AWS in the IAM User Guide.

The following links help you configure third-party SAML 2.0 identity provider solutions to work with AppStream 2.0.

| Identity provider solution | More information |
| --- | --- |
| Ping Identity | Configuring an SSO connection to Amazon AppStream 2.0 — This page on the Ping Identity website describes how to set up single sign-on (SSO) to AppStream 2.0. |
| Okta | How to Configure SAML 2.0 for Amazon AppStream 2.0 — This article on the Okta site explains how to use Okta to set up SAML federation to AppStream 2.0. For stacks that are joined to a domain, the "Application username format" must be set to "AD user principal name". |
| Microsoft Active Directory Federation Services (ADFS) | How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page — This post on the AWS Security Blog shows how to set up ADFS on an EC2 instance and enable SAML federation to a specific console using the RelayState parameter. You can follow this tutorial and replace the relay state in the example with the relay state of the AppStream 2.0 stack. |
| Shibboleth | How to Use Shibboleth for Single Sign-On to the AWS Management Console — This AWS Security Blog post describes how to set up federation to the AWS Management Console using Active Directory and Shibboleth. After you have created the setup to federate to the console, as outlined in the tutorial, you can replace the relay state provided in the tutorial with the relay state of your AppStream 2.0 stack. |

For solutions to common problems when using these guides, see Troubleshooting.