Set up AWS SSO as your IdP - Amazon WorkSpaces Web

Set up AWS SSO as your IdP

The following steps describe how to set up AWS Single Sign-On to use with WorkSpaces Web. This setup does not include any advanced features, such as Directory Services support.

If this is your first time visiting AWS SSO, you will be prompted to enable the service, which involves setting up AWS Organizations. For more information, see What is AWS Organizations?.

To set up AWS SSO as your IdP

  1. From the AWS SSO console, choose Users, Add user, and enter the user's details.

    The email address entered will be used to send password reset requests.

  2. (Optional) Choose Next: Groups, create a new group to assign this user to, and choose Add user.

  3. Choose Applications, Add a new application, and Add a custom SAML 2.0 application.

  4. In another tab, from the WorkSpaces Web console, follow steps 1-3 of Step 1: Create a web portal to download the service provider (SP) metadata file. Keep this tab open.

  5. Return to the AWS SSO console, and under Application Metadata, upload the downloaded SP metadata file.

  6. Under the AWS SSO Metadata section, choose Download for the AWS SSO SAML metadata file, and then choose Save changes to finish creating the AWS SSO Application.

  7. In the other tab, from the WorkSpaces Web console, follow step 5 and the remaining steps of Step 1: Create a web portal to upload the IdP metadata file and finish creating your web portal.

  8. To configure the SSO application for users, follow these steps from the AWS SSO console:

    1. Choose Attribute mappings and fill in the following fields:

      • For User attribute in the application, enter Subject.

      • For Maps to this string value or user attribute in AWS SSO, enter ${user:email}.

      • For Format, enter emailAddress.

    2. Choose Assigned users to grant access to either an individual user or an entire group.

  9. Follow the steps in Step 2: Test the endpoint to validate setup.