Creating an Amazon Q Business application using Identity Federation through IAM
This section walks you through creating and configuring an Amazon Q Business application using IAM Federation to manage end user access.
Amazon Q Business supports identity federation through AWS Identity and Access Management. When you use identity federation, you can manage users with your enterprise identity provider (IdP) and use AWS Identity and Access Management to authenticate users when they sign in to Amazon Q Business.
You can use a third-party identity provider that supports Security Assertion Markup Language 2.0 (SAML 2.0) or OpenID Connect (OIDC) to provide an onboarding flow for your Amazon Q Business users. Such identity providers include Okta, Ping Identity, and Microsoft Entra ID.
Important
Amazon Q Business doesn't support OIDC for Google or Microsoft Entra ID.
With identity federation, your users get one-click access to their Amazon Q Business applications using their existing identity credentials. You also get the security benefit of having your identity provider authenticate users, and you can control which users have access to Amazon Q Business through that same identity provider.
Note
Federated groups aren't supported through IAM Federation. If you want to ingest federated groups, use the PutGroup API.
Topics
- Creating an Amazon Q Business application using IAM Federation through Okta
- Customizing an Amazon Q Business web experience
- Connecting multiple Amazon Q Business applications to an Identity Provider
- Making authenticated Amazon Q Business API calls using IAM federation
- Managing Amazon Q Business resources