AWS Directory Service
API Reference

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately.

Request Syntax

{ "DirectoryId": "string", "Password": "string", "UserName": "string" }

Request Parameters

The request accepts the following data in JSON format.


The identifier of the directory for which to enable single-sign on.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes


The password of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: No


The username of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. This account must have privileges to add a service principal name.

If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [a-zA-Z0-9._-]+

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


An authentication error occurred.

HTTP Status Code: 400


A client exception has occurred.

HTTP Status Code: 400


The specified entity could not be found.

HTTP Status Code: 400


The account does not have sufficient permission to perform the operation.

HTTP Status Code: 400


An exception has occurred in AWS Directory Service.

HTTP Status Code: 500


The following examples are formatted for legibility.

Example Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 80 X-Amz-Target: DirectoryService_20150416.EnableSso X-Amz-Date: 20161214T220301Z User-Agent: aws-cli/1.11.24 Python/2.7.9 Windows/7 botocore/1.4.81 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAI7E3BYXS3example/20161214/us-west-2/ds/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=88acc99818605aa438eb86b5be59daecce370c7db16e5e84311508e575ea0515 { "UserName": "Admin", "DirectoryId": "d-926example", "Password": "Str0ngP@ssw0rd" }

Example Response

HTTP/1.1 200 OK x-amzn-RequestId: fcd40ac9-c247-11e6-a7ca-f9a52a6a0390 Content-Type: application/x-amz-json-1.1 Content-Length: 2 Date: Wed, 14 Dec 2016 22:03:03 GMT { }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: