AWS SSO SAML

Follow these steps to add AWS as the SAML SSO provider for your workspace:

  1. Open Buddy SSO settings in one browser tab and switch to SAML → AWS.
  2. In another tab, open the AWS SSO settings in the region where you enabled it.
Warning
AWS allows using SSO in one region at a time.
  1. Select Applications from the left navigation panel.
  2. Click Add a new application:

Image loading...

  1. Tick the Add a custom SAML 2.0 application box:

Image loading...

  1. Save the data required for SSO configuration in Buddy for later use: AWS SSO sign-in URL, AWS SSO issuer URL, and the certificate:

Image loading...

  1. Set the app's Display Name.
  2. In the Application metadata section, click the highlighted hyperlink:

Image loading...

  1. Fill in the form with the data copied from Buddy SSO configuration:

    • Application SAML audience
    • Application ACS URL
  2. Save the settings.
  3. Go to the settings page of the newly created SAML app.
  4. Go to Attribute mappings and set the Subject attribute to ${user:subject} and the format to unspecified. Save the settings.
  5. Go to Assigned users and add AWS SSO users according to your needs:

Image loading...

  1. Return to the Buddy SSO settings tab and provide the information you copied from the AWS SSO settings panel:

    • AWS SSO sign-in URL
    • AWS SSO issuer
    • Certificate → upload the AWS certificate that you downloaded
    • Signature / Digest Method → leave at Most popular
  2. Click Test configuration and enable SSO on success.
  3. Sign in to your AWS account to save the SSO configuration.

Last modified on Sep 23, 2024