AWS SSO

Follow these steps to add AWS as the single sign-on provider for your workspace:

  1. Open Buddy SSO settings in one browser tab.
  2. In another tab, open AWS SSO settings in the region where you enabled it.

AWS allows using SSO in one region at a time.

  3. Select Applications from the left navigation panel.
  4. Click Add a new application.
  5. Tick the Add a custom SAML 2.0 application box.
  6. Save the data required for SSO configuration in Buddy for later use: AWS SSO sign-in URL, AWS SSO issuer URL, and the certificate.
  7. Set the app's Display Name.
  8. In the Application metadata section, click the highlighted hyperlink.
  9. Fill in the form with the data copied from Buddy SSO configuration:

    • Application ACS URL → ACS / SP Assertion Consumer Service / Single Sign-On from Buddy
    • Application SAML audience → SP Entity ID / Audience URI from Buddy

  10. Save the settings.
  11. Go to the settings page of the newly created SAML app.
  12. Go to Attribute mappings and set the Subject attribute to ${user:subject} and the format to unspecified. Save the settings.
  13. Go to Assigned users and add AWS SSO users according to your needs.
  14. Return to the Buddy SSO settings tab and provide the information you copied from the AWS SSO settings panel:

    • SSO URL / SAML Endpoint / Identity Provider Single Sign-On URL → AWS SSO sign-in URL from AWS
    • Issuer → AWS SSO issuer URL from AWS
    • Certificate → upload the AWS certificate you downloaded
    • Signature / Digest Method → leave at Most popular

  15. Click Test the configuration and enable the SSO on success.
  16. Sign in to your AWS account to save the SSO configuration.
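
If the configuration test fails, the usual cause is a value pasted into the wrong field. The following added example (not code from Buddy or AWS) compares a captured SAML response against the values mapped in the steps above. All URLs and the sample response are constructed placeholders, and it assumes the "unspecified" format corresponds to the standard SAML 1.1 NameID format URI.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed placeholders for the values shown on the two settings pages.
EXPECTED = {
    "issuer": "https://idp.example.invalid/saml/issuer",    # AWS SSO issuer URL
    "acs_url": "https://buddy.example.invalid/sso/acs",     # Application ACS URL
    "audience": "https://buddy.example.invalid/sso/entity", # Application SAML audience
}

# Constructed sample response, unsigned and trimmed to the fields being checked.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    Destination="{EXPECTED['acs_url']}">
  <a:Issuer>{EXPECTED['issuer']}</a:Issuer>
  <a:Assertion>
    <a:Issuer>{EXPECTED['issuer']}</a:Issuer>
    <a:Subject>
      <a:NameID Format="{UNSPECIFIED}">user@example.invalid</a:NameID>
      <a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <a:SubjectConfirmationData Recipient="{EXPECTED['acs_url']}"/>
      </a:SubjectConfirmation>
    </a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>{EXPECTED['audience']}</a:Audience>
    </a:AudienceRestriction></a:Conditions>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, expected):
    """List field mismatches; this does not verify the XML signature."""
    root = ET.fromstring(xml_text)  # use only on responses you captured yourself

    def get(path, attr=None):
        node = root.find(path, NS)
        if node is None:
            return None
        return node.get(attr) if attr else (node.text or "").strip()

    pairs = {
        "issuer": (get("a:Assertion/a:Issuer"), expected["issuer"]),
        "destination": (root.get("Destination"), expected["acs_url"]),
        "recipient": (get(".//a:SubjectConfirmationData", "Recipient"), expected["acs_url"]),
        "audience": (get(".//a:Audience"), expected["audience"]),
        "nameid_format": (get(".//a:NameID", "Format"), UNSPECIFIED),
    }
    return [f"{k}: expected {w!r}, got {g!r}" for k, (g, w) in pairs.items() if g != w]
```

An empty list means every mapped field lines up; each returned string names the field to re-check in the corresponding settings form.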