AWS Single Sign-On
User Guide

Connect AWS SSO to an On-Premises Active Directory

Users in your on-premises Active Directory can also have SSO access to AWS accounts and cloud applications in the AWS SSO user portal. To do that, AWS Directory Service has the following two options available:

  • Create a two-way trust relationship – Two-way trust relationships created between AWS Managed Microsoft AD and an on-premises Active Directory enable on-premises users to sign in with their corporate credentials to various AWS services and business applications. One-way trusts will not work with AWS SSO. For more information about setting up a two-way trust, see When to Create a Trust Relationship in the AWS Directory Service Administration Guide.

  • Create an AD Connector – AD Connector is a directory gateway that can redirect directory requests to your on-premises Active Directory without caching any information in the cloud. For more information, see Connect to a Directory in the AWS Directory Service Administration Guide.


    AWS SSO does not work with SAMBA4-based Simple AD directories.