If you want users in your on-premises Active Directory to also have SSO access to AWS accounts and cloud applications in the AWS SSO user portal, AWS Directory Service has the following two options available:

  • Create a two-way trust relationship – A two-way trust relationship created between AWS Managed Microsoft AD and an on-premises Active Directory enables on-premises users to sign in with their corporate credentials to AWS services and business applications. One-way trusts will not work with AWS SSO. For more information about setting up a two-way trust, see When to Create a Trust Relationship in the AWS Directory Service Administration Guide.

  • Create an AD Connector – AD Connector is a directory gateway that can redirect directory requests to your on-premises Active Directory without caching any information in the cloud. For more information, see Connect to a Directory in the AWS Directory Service Administration Guide.


    AWS SSO does not work with SAMBA4-based Simple AD directories.
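Before enabling AWS SSO, it is worth checking that an existing directory actually meets the two constraints above (no Simple AD, and two-way rather than one-way trusts). The following is an added example, not code from the AWS documentation: it evaluates the response shapes returned by `aws ds describe-directories` and `aws ds describe-trusts` (here as constructed sample data rather than a live call) and reports why each directory would or would not work with AWS SSO.

```python
# Added example: audit AWS Directory Service directories against the AWS SSO
# requirements (no Simple AD; AWS Managed Microsoft AD needs a verified two-way
# trust to reach on-premises users). The dicts below mirror the JSON returned by
# `aws ds describe-directories` and `aws ds describe-trusts --directory-id ...`
# (boto3: client("ds").describe_directories() / describe_trusts(DirectoryId=...)).
# The directory IDs, names and trust entries are constructed sample data.

SSO_CAPABLE_TYPES = {"MicrosoftAD", "ADConnector"}

SAMPLE_DIRECTORIES = [
    {"DirectoryId": "d-1111111111", "Type": "MicrosoftAD", "Name": "corp.example.com"},
    {"DirectoryId": "d-2222222222", "Type": "SimpleAD", "Name": "simple.example.com"},
    {"DirectoryId": "d-3333333333", "Type": "ADConnector", "Name": "onprem.example.com"},
]
# Trusts keyed by DirectoryId; only Managed Microsoft AD directories have them.
SAMPLE_TRUSTS = {
    "d-1111111111": [{"RemoteDomainName": "onprem.example.com",
                      "TrustDirection": "One-Way: Outgoing", "TrustState": "Verified"}],
}


def directory_findings(directory, trusts):
    """Return a list of reasons this directory cannot serve AWS SSO (empty = OK)."""
    reasons = []
    dtype = directory.get("Type")
    if dtype == "SimpleAD":
        reasons.append("Simple AD (Samba 4) is not supported by AWS SSO")
    elif dtype not in SSO_CAPABLE_TYPES:
        reasons.append(f"unrecognised directory type {dtype!r}")
    if dtype == "MicrosoftAD":
        # AD Connector proxies to on-premises AD directly; Managed Microsoft AD
        # only reaches on-premises users through a verified two-way trust.
        if not trusts:
            reasons.append("no trust to an on-premises domain; on-premises users cannot sign in")
        for trust in trusts:
            remote = trust.get("RemoteDomainName")
            if trust.get("TrustDirection") != "Two-Way":
                reasons.append(f"trust to {remote} is {trust.get('TrustDirection')}; "
                               "One-Way trusts do not work with AWS SSO")
            elif trust.get("TrustState") != "Verified":
                reasons.append(f"trust to {remote} is {trust.get('TrustState')}, not Verified")
    return reasons


def audit(directories, trusts_by_id):
    """Map each DirectoryId to its list of findings."""
    return {d["DirectoryId"]: directory_findings(d, trusts_by_id.get(d["DirectoryId"], []))
            for d in directories}


if __name__ == "__main__":
    for directory_id, findings in audit(SAMPLE_DIRECTORIES, SAMPLE_TRUSTS).items():
        print(directory_id, "OK" if not findings else "; ".join(findings))
```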