Security Assertion Markup Language 2.0 (SAML) is an open standard for exchanging identity and security information with applications and service providers. Applications and service providers that support SAML enable you to sign in using your corporate directory credentials, such as your user name and password from Microsoft Active Directory. With SAML, you can use single sign-on (SSO) to sign in to all of your SAML-enabled applications by using a single set of credentials.
By enabling SAML authentication, you also can manage access to your applications centrally. SAML-enabled applications delegate authentication requests to your corporate directory. When users are removed from your directory, they are no longer able to sign in.
You can enable SAML authentication for your AWS accounts by using AWS Identity and Access Management (IAM). You can add SAML support to your web and mobile apps running on the AWS Cloud by using Amazon Cognito.
Enabling SAML-based single sign-on (SSO) for your AWS accounts enables your users to sign in to the AWS Management Console, AWS API, and AWS Command Line Interface (CLI) using their corporate credentials.
You can enable SAML authentication for your AWS accounts using AWS Identity and Access Management (IAM) and your identity provider (IdP). You can also centrally manage SSO access to multiple AWS accounts and business applications using AWS Single Sign-On (SSO).
To learn more about enabling SAML for your AWS accounts with AWS IAM and an IdP, see the following additional resources:
- Identity Federation in the AWS Cloud
- Documentation: About SAML 2.0-based Federation
- Documentation: Enabling SAML 2.0 Federated Users to Access the AWS Management Console
- Documentation: Integrating Third-Party SAML Solution Providers with AWS
- Blog post: How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
- Blog post: How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0
- Workshop: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery
Adding SAML support to your web and mobile apps that run on the AWS Cloud enables users to sign in to your apps by using their corporate credentials.
You can add SAML support to your applications using Amazon Cognito. With Amazon Cognito, you can add user sign-up and sign-in to your web and mobile apps in minutes. You can also authenticate users through social identity providers, such as Facebook and Amazon, or by using your own identity system.
To learn more about adding SAML support to your web and mobile apps using Amazon Cognito, see the following additional resources:
- Documentation: Amazon Cognito Federated Identities
- Documentation: Federated Identities Concepts
- Documentation: External SAML Identity Provider
- Blog post: Announcing SAML Support for Amazon Cognito
- Blog post: Amazon Cognito User Pools supports federation with SAML
- Blog post: SAML for Your Serverless JavaScript Application: Part I