Creating and managing a SAML identity provider for a user pool (AWS CLI and AWS API) - Amazon Cognito

Creating and managing a SAML identity provider for a user pool (AWS CLI and AWS API)

Use the following commands to create and manage a SAML identity provider (IdP).

To create an IdP and upload a metadata document

AWS CLI: aws cognito-idp create-identity-provider

Example with metadata file: aws cognito-idp create-identity-provider --user-pool-id <user_pool_id> --provider-name=SAML_provider_1 --provider-type SAML --provider-details file:///details.json --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Where details.json contains:
```
{ 
    "MetadataFile": "<SAML metadata XML>"
}
```
Note
If the <SAML metadata XML> contains any quotations ("), they must be escaped (\").

Example with metadata URL: aws cognito-idp create-identity-provider --user-pool-id <user_pool_id> --provider-name=SAML_provider_1 --provider-type SAML --provider-details MetadataURL=<metadata_url> --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
AWS API: CreateIdentityProvider

To upload a new metadata document for an IdP

AWS CLI: aws cognito-idp update-identity-provider

Example with metadata file: aws cognito-idp update-identity-provider --user-pool-id <user_pool_id> --provider-name=SAML_provider_1 --provider-details file:///details.json --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Where details.json contains:
```
{ 
    "MetadataFile": "<SAML metadata XML>"
}
```
Note
If the <SAML metadata XML> contains any quotations ("), they must be escaped (\").

Example with metadata URL: aws cognito-idp update-identity-provider --user-pool-id <user_pool_id> --provider-name=SAML_provider_1 --provider-details MetadataURL=<metadata_url> --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
AWS API: UpdateIdentityProvider

To get information about a specific IdP

AWS CLI: aws cognito-idp describe-identity-provider

aws cognito-idp describe-identity-provider --user-pool-id <user_pool_id> --provider-name=SAML_provider_1
AWS API: DescribeIdentityProvider

To list information about all IdPs

AWS CLI: aws cognito-idp list-identity-providers

Example: aws cognito-idp list-identity-providers --user-pool-id <user_pool_id> --max-results 3
AWS API: ListIdentityProviders

To delete an IdP

AWS CLI: aws cognito-idp delete-identity-provider

aws cognito-idp delete-identity-provider --user-pool-id <user_pool_id> --provider-name=SAML_provider_1
AWS API: DeleteIdentityProvider

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Managing SAML IdPs (AWS Management Console)

Integrating third-party SAML providers