AWS Single Sign-On
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Map Attributes in AWS SSO to Attributes in Your AWS Managed Microsoft AD Directory

You can use the following procedure to specify how your user attributes in AWS SSO should map to corresponding attributes in your Microsoft AD directory.

To map attributes in AWS SSO to attributes in your directory

  1. Open the AWS SSO console.

  2. Choose Connected directory.

  3. Under Attribute mappings, choose Edit attribute mappings.

  4. On the Edit attribute mappings page, find the attribute in AWS SSO that you want to map and then type a value in the text box. For example, you might want to map the AWS SSO user attribute email to the Microsoft AD directory attribute ${dir:windowsUpn}.

  5. Choose Save changes.