Set up IAM Identity Center as your IdP - Amazon WorkSpaces Web

Set up IAM Identity Center as your IdP

The following steps describe how to set up AWS IAM Identity Center as the SAML 2.0 identity provider (IdP) for WorkSpaces Web. This setup does not include any advanced features, such as Directory Services support.

If this is your first time visiting IAM Identity Center, you will be prompted to enable the service, which involves setting up AWS Organizations. For more information, see What is AWS Organizations?.

To set up IAM Identity Center as your IdP
  1. From the IAM Identity Center console, choose Users, Add user, and enter the user's details.

    Note

    The email address entered will be used to send password reset requests. With the attribute mapping in step 8, it is also the value WorkSpaces Web receives as the SAML Subject, so it must be the address the user is expected to sign in with.

  2. (Optional) Choose Next: Groups, create a new group to assign this user to, and choose Add user.

  3. Choose Applications, Add a new application, and Add a custom SAML 2.0 application.

  4. In another tab, from the WorkSpaces Web console, follow steps 1-3 of Step 1: Create a web portal to download the service provider (SP) metadata file. Keep this tab open.

  5. Return to the IAM Identity Center console, and under Application Metadata, upload the downloaded SP metadata file.

  6. Under the IAM Identity Center Metadata section, choose Download for the IAM Identity Center SAML metadata file, and then choose Save changes to finish creating the IAM Identity Center Application.

  7. In the other tab, from the WorkSpaces Web console, follow step 5 and the remaining steps of Step 1: Create a web portal to upload the IdP metadata file and finish creating your web portal.

  8. To configure the IAM Identity Center application for users, follow these steps from the IAM Identity Center console:

    1. Choose Attribute mappings and enter the following fields:

      • For User attribute in the application, enter Subject.

      • For Maps to this string value or user attribute in IAM Identity Center, enter ${user:email}.

      • For Format, enter emailAddress.

    2. Choose Assigned users to grant access to either an individual user or an entire group. Only assigned users and groups can sign in to the web portal through this application.

  9. Follow the steps in Step 2: Test your web portal to validate setup.
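The procedure above is entirely console-driven, and the two places it goes wrong in practice are uploading the wrong metadata file in step 5 or 7 (the SP file and the IdP file look alike) and a step 8 mapping that does not yield an email-format Subject. The script below is an added example and is not part of the AWS documentation or of WorkSpaces Web itself. It checks both artifacts offline using only the Python standard library: constructed samples of the IdP metadata and of an (unsigned) assertion body are embedded inline, and the entity IDs, hostnames, user address and certificate in them are placeholders, not real AWS values.

```python
"""Offline checks for the artifacts exchanged above: the IdP metadata downloaded from
IAM Identity Center (step 6) and the Subject mapping from step 8. Standard library only."""
import base64
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Placeholder identifiers (assumptions for this example, not real AWS values).
IDP_ENTITY_ID = "https://portal.sso.example-region.amazonaws.com/saml/assertion/EXAMPLEID"
PORTAL_ENTITY_ID = "https://example-portal.workspaces-web.example/saml"
# A 5-byte DER SEQUENCE stands in for a real certificate; it only exercises the structural check.
PLACEHOLDER_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()

# Constructed sample shaped like the IdP metadata file IAM Identity Center exports.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{entity}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{fmt}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{post}" Location="{entity}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".format(entity=IDP_ENTITY_ID, cert=PLACEHOLDER_CERT,
                                  fmt=EMAIL_NAMEID, post=HTTP_POST)

# Constructed, unsigned sample of the assertion body the step 8 mapping should produce.
SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject><saml:NameID Format="{fmt}">alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>""".format(issuer=IDP_ENTITY_ID, fmt=EMAIL_NAMEID, aud=PORTAL_ENTITY_ID)


def check_idp_metadata(xml_text):
    """Return a list of problems with an IdP metadata file; [] means it looks usable."""
    root = ET.fromstring(xml_text)
    problems = []
    if not root.get("entityID", "").startswith("https://"):
        problems.append("entityID missing or not an https URL")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # the SP file from step 4 carries an SPSSODescriptor instead
        problems.append("no IDPSSODescriptor: this is not IdP metadata")
        return problems
    signing = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing and encryption
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            except ValueError:
                problems.append("X509Certificate is not valid base64")
                continue
            if der.startswith(b"\x30"):  # DER SEQUENCE, the outer tag of every certificate
                signing.append(der)
            else:
                problems.append("X509Certificate does not decode to DER")
    if not signing:
        problems.append("no signing certificate: the SP could not verify assertions")
    post = [s for s in idp.findall("md:SingleSignOnService", NS) if s.get("Binding") == HTTP_POST]
    if not post or not all(s.get("Location", "").startswith("https://") for s in post):
        problems.append("no https HTTP-POST SingleSignOnService endpoint")
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    if formats and EMAIL_NAMEID not in formats:
        problems.append("IdP does not advertise the emailAddress NameID format used in step 8")
    return problems


def check_subject_mapping(assertion_xml, expected_issuer, expected_audience):
    """Check that an assertion carries what the step 8 mapping is meant to produce: an
    emailAddress-format NameID holding an email, from our IdP, scoped to our portal.
    Signature verification is the SP's job (with the metadata certificate) and is not done here."""
    a = ET.fromstring(assertion_xml)
    if a.tag != "{%s}Assertion" % NS["saml"]:
        a = a.find(".//saml:Assertion", NS)  # assertion wrapped in a samlp:Response
    if a is None:
        return ["no Assertion element"]
    problems = []
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append("Issuer %r does not match the IdP entityID" % issuer)
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        problems.append("Subject NameID missing or Format is not emailAddress")
    elif not EMAIL_RE.match((name_id.text or "").strip()):
        problems.append("Subject NameID %r is not an email address" % name_id.text)
    audiences = [x.text.strip() for x in
                 a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if x.text]
    if expected_audience not in audiences:
        problems.append("assertion is not scoped to this web portal's entityID")
    return problems


if __name__ == "__main__":
    print("IdP metadata:", check_idp_metadata(IDP_METADATA) or "ok")
    print("Subject mapping:", check_subject_mapping(SAML_ASSERTION, IDP_ENTITY_ID, PORTAL_ENTITY_ID) or "ok")
```

To use it on real files, pass the contents of the downloaded metadata to check_idp_metadata before step 7, and, while testing in Step 2, pass a captured assertion (the base64-decoded SAMLResponse form field from the browser) together with the entityID values from the two metadata files to check_subject_mapping. The certificate check is structural only; the portal itself verifies the assertion signature against that certificate.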