AWS Single Sign-On
User Guide

Cloud Applications

You can use the AWS SSO application configuration wizard to include built-in SAML integrations to many popular cloud applications. Examples include Salesforce, Box, and Office 365. For a complete list of applications that you can add from the wizard, see Supported Applications.

Most cloud applications come with detailed instructions on how to set up the trust between AWS SSO and the application's service provider. You can find these instructions on the cloud applications configuration page during the setup process and after the application has been set up. After the application has been configured, you can assign access to the groups or users that require it.

Supported Applications

AWS SSO has built-in support for the following commonly used cloud applications.


AWS Support engineers can assist customers who have Business and Enterprise support plans with some integration tasks that involve third-party software. For a current list of supported platforms and applications, see Third-Party Software Support on the AWS Support Features page.

10000ft Detectify Igloo Redlock TalentLMS
4me Digicert ImageRelay RescueAssist TargetProcess
7Geese Dmarcian iSpring RingCentral TeamSupport
Accredible Docebo IT Glue Robin
Adobe Creative Cloud DocuSign JamaSoftware Rollbar TextMagic
Aha Dome9 Jamf Room Booking System ThousandEyes
AlertOps Domo Jenkins Salesforce TinfoilSecurity
AlertSite Drift JFrog Artifactory Samanage TitanFile
AnswerHub Dropbox Jira SAP BW ABAP Trakdesk
AppDynamics DruvaInSync Jitbit SAP CRM ABAP Trello
AppFollow Duo Jive SAP CRM Java Trend Micro Deep Security
Asana EduBrite SAP Enterprise Portal Java
Assembla Egnyte Kanbanize SAP ERP ABAP Uptrends
Atlassian eLeaP Keeper Security SAP EWM ABAP UserEcho
BambooHR Engagedly Kintone SAP Fiori ABAP UserVoice
BenSelect Envoy Klipfolio SAP GRC Access Control ABAP Velpic
BitaBIZ Evernote KnowledgeOwl SAP LMS Java Veracode
Bitglass Expensify Kudos SAP Netweaver ABAP VictorOps
BlueJeans Expiration Reminder LiquidFiles SAP Netweaver Java Vtiger
BMCRemedyforce External AWS Account LiquidPlanner SAP S/4 ABAP WayWeDo
Bonusly EZOfficeInventory Litmos SAP Solution Manager ABAP WeekDone
Box EZRentOut LiveChat SAP Solution Manager Java WhosOnLocation
Brandfolder Fastly LogMeInRescue SAP SRM ABAP Wordbee
Breezy HR Federated Directory Lucidchart SAP xMII Java Workable
Buddy Punch FileCloud ManageEngine ScaleFT Workfront
Bugsee FireHydrant MangoApps ScreenSteps Workplace by Facebook
BugSnag Fivetran Marketo Seeit Workstars
Buildkite Flock Metricly Wrike
CakeHR FogBugz Miro ServiceNow xMatters
Canvas Formstack MockFlow SimpleMDM XperienceHR
Chartio Fossa Mode Analytics Skeddly Yodeck
Chatwork Freshdesk Moodle Skilljar Zendesk
Circonus FreshService MuleSoft Anypoint Slack Zephyr
Cisco Webex Front MyWebTimeSheets Slemma Ziflow
CiscoMeraki G Suite NewRelic Zillable
CiscoUmbrella GitBook Nuclino Small Improvements Zoho
CitrixShareFile Github Office365 Smartsheet Zoom
Clarizen GitLab OnDMARC SnapEngage
ClickTime Glasscubes OpenVoice SonarQube
Cloud CMS GlassFrog OpsGenie SparkPost
CloudAMQP GorillaStack Pacific Timesheet
CloudCheckr GoToAssist PagerDuty Spotinst
CloudEndure GoToMeeting Panopta SproutVideo
CloudPassage GoToTraining Panorama9 Squadcast
CMNTY GoToWebinar ParkMyCloud Stackify
Confluence Grovo Peakon Status Hero
Convo HackerOne PhraseApp StatusCast
Coralogix HackerRank PipeDrive StatusDashboard
Cybozu Garoon HappyFox Pivotal Tracker StatusHub
Cybozu Mailwise Heap PlanMyLeave Statuspage
Cybozu Office PolicyIQ StoriesOnBoard HelpScout ProcessPlan Stormboard
Dashlane Honey ProdPad SugarCRM
Datadog SumoLogic
Declaree HostedGraphite Proxyclick SurveyGizmo
Deputy HubSpot PurelyHR SurveyMonkey
DeskPro Humanity Recognize Syncplicity
Deskradar IdeaScale Tableau

Add and Configure a Cloud Application

Use this procedure when you need to set up a SAML trust relationship between AWS SSO and your cloud application's service provider. Before you begin this procedure, make sure you have the service provider's metadata exchange file so that you can more efficiently set up the trust. If you do not have this file, you can still use this procedure to configure it manually.

To add and configure a cloud application

  1. In the AWS SSO console, choose Applications in the left navigation pane. Then choose Add a new application.

  2. In the Select an application dialog box, select the application you want to add from the list. Then choose Add.

  3. On the Configure <application name> page, under Details, type a Display name for the application, such as Salesforce.

  4. Under AWS SSO metadata, do the following:

    1. Next to AWS SSO SAML metadatafile, choose Download to download the identity provider metadata.

    2. Next to AWS SSO certificate, choose Download certificate to download the identity provider certificate.


    You will need these files later when you set up the cloud application from the service provider's website. Follow the instructions from that provider.

  5. (Optional) Under Application properties, you can specify additional properties for the Application start URL, Relay State, and Session Duration. For more information, see Application Properties.

  6. Under Application metadata, provide the Application ACS URL and Application SAML audience values.

  7. Choose Save changes to save the configuration.