EnableSso
Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain AWS services from a computer joined to the directory without having to enter their credentials separately.
Request Syntax
{
"DirectoryId": "string
",
"Password": "string
",
"UserName": "string
"
}
Request Parameters
The request accepts the following data in JSON format.
- DirectoryId
-
The identifier of the directory for which to enable single-sign on.
Type: String
Pattern:
^d-[0-9a-f]{10}$
Required: Yes
- Password
-
The password of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: No
- UserName
-
The username of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. This account must have privileges to add a service principal name.
If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.
Type: String
Length Constraints: Minimum length of 1.
Pattern:
[a-zA-Z0-9._-]+
Required: No
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AuthenticationFailedException
-
An authentication error occurred.
HTTP Status Code: 400
- ClientException
-
A client exception has occurred.
HTTP Status Code: 400
- EntityDoesNotExistException
-
The specified entity could not be found.
HTTP Status Code: 400
- InsufficientPermissionsException
-
The account does not have sufficient permission to perform the operation.
HTTP Status Code: 400
- ServiceException
-
An exception has occurred in AWS Directory Service.
HTTP Status Code: 500
Examples
The following examples are formatted for legibility.
Example Request
This example illustrates one usage of EnableSso.
POST / HTTP/1.1 Host: ds.us-west-2.amazonaws.com Accept-Encoding: identity Content-Length: 80 X-Amz-Target: DirectoryService_20150416.EnableSso X-Amz-Date: 20161214T220301Z User-Agent: aws-cli/1.11.24 Python/2.7.9 Windows/7 botocore/1.4.81 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIAI7E3BYXS3example/20161214/us-west-2/ds/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=88acc99818605aa438eb86b5be59daecce370c7db16e5e84311508e575ea0515 { "UserName": "Admin", "DirectoryId": "d-926example", "Password": "Str0ngP@ssw0rd" }
Example Response
This example illustrates one usage of EnableSso.
HTTP/1.1 200 OK x-amzn-RequestId: fcd40ac9-c247-11e6-a7ca-f9a52a6a0390 Content-Type: application/x-amz-json-1.1 Content-Length: 2 Date: Wed, 14 Dec 2016 22:03:03 GMT { }
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: