AWS SSO SAML

Follow these steps to add AWS as the SAML SSO provider for your workspace:

1. Open Buddy SSO settings in one browser tab and switch to SAML → AWS.
2. In another tab, open the AWS SSO settings in the region where you enabled it.

3. Select Applications from the left navigation panel.
4. Click Add a new application:

5. Tick the Add a custom SAML 2.0 application box:

6. Save the data required for SSO configuration in Buddy for later use: AWS SSO sign-in URL, AWS SSO issuer URL, and the certificate:

7. Set the app's Display Name.
8. In the Application metadata section, click the highlighted hyperlink:

9. Fill in the form with the data copied from Buddy SSO configuration:

   • Application SAML audience
   • Application ACS URL
10. Save the settings.
11. Go to the settings page of the newly created SAML app.
12. Go to Attribute mappings and set the Subject attribute to ${user:subject} and the format to unspecified. Save the settings.
13. Go to Assigned users and add AWS SSO users according to your needs:

14. Return to the Buddy SSO settings tab and provide the information you copied from the AWS SSO settings panel:

    • AWS SSO sign-in URL
    • AWS SSO issuer
    • Certificate → upload the AWS certificate that you downloaded
    • Signature / Digest Method → leave at Most popular
15. Click Test configuration and enable SSO on success.
16. Sign in to your AWS account to save the SSO configuration.