AppStream 2.0 Integration with SAML 2.0
The following links help you configure third-party SAML 2.0 identity provider solutions to work with AppStream 2.0.
IdP solution | More information |
---|---|
AWS IAM Identity Center |
Enable federation with IAM Identity Center and Amazon AppStream 2.0
|
Active Directory Federation Services (AD FS) for Windows Server | AppStream |
Azure Active Directory (Azure AD) |
Enabling Federation with Azure AD Single Sign-On and Amazon AppStream 2.0
|
GG4L School Passport™ |
Enabling Identity
Federation with GG4L’s School Passport™ and Amazon AppStream 2.0
|
Setting up G Suite SAML 2.0 federation with Amazon AppStream 2.0 |
|
Okta |
How to Configure SAML 2.0 for Amazon AppStream 2.0 |
Ping Identity |
Configuring an SSO connection to Amazon AppStream 2.0 |
Shibboleth |
Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth Step 4 of the AWS Security whitepaper describes how to create IAM roles that define the permissions that federated users have to the AWS Management Console. After you create these roles and embed the inline policy as described in the whitepaper, modify this policy so that it provides federated users with permissions to access only an AppStream 2.0 stack. To do this, replace the existing policy with the policy noted in Step 3: Embed an Inline Policy for the IAM Role, in Setting Up SAML. When you add the stack relay state URL as described
in Step 6: Configure the Relay State of Your
Federation, in Setting Up SAML,
add the relay state parameter to the federation URL as a target
request attribute. The URL must be encoded. For information about
configuring relay state parameters, see the SAML 2.0 For more information, see Enabling Identity Federation with Shibboleth and
Amazon AppStream 2.0 |
VMware WorkSpace ONE |
Federating Access to Amazon AppStream 2.0 from VMware Workspace ONE |
SimpleSAMLphp | Enabling Federation with SimpleSAMLphp and Amazon AppStream 2.0 |
OneLogin Single Sign-On (SSO) | OneLogin SSO with Amazon AppStream 2.0 |
JumpCloud Single Sign-On (SSO) | Enable federation with JumpCloud SSO and Amazon AppStream 2.0 |
BIO-key PortalGuard | Enable federation with Bio-key PortalGuard and Amazon AppStream
2.0 |
For solutions to common problems you may encounter, see Troubleshooting.
For more information about additional supported SAML providers, see Integrating Third-Party SAML Solution Providers with AWS in the IAM User Guide.