Configuring SSO with AWS

This article explains how to set up SSO with Uptime.com as the service provider (SP) and AWS as the identity provider (IdP). Users can log in through the User Portal URL provided by AWS or the WAYFless URL provided by Uptime.com, and either one authenticates them with Uptime.com for all account privileges associated with that login. SSO eliminates or dramatically reduces the need for multiple logins, because each individual maintains a single sign-on.

SSO is available in all Uptime.com plans except the Basic plan.

AWS and Uptime.com have the following requirements before you can complete setup:

  • On the AWS side: access to the AWS SSO console under an account that has proper permissions to manage applications.
  • On the Uptime.com side: an Uptime account with administrator access to configure SAML SSO.

These instructions assume you’re logged into both Uptime.com and AWS.

Step One: Enable Uptime.com AWS SSO

In step one, you will enable AWS SSO, add the Uptime.com application, and copy the required values to paste into Uptime.com in Step Two.

Enable AWS SSO

Log in to your AWS Management Console, and search for AWS SSO under the Find Applications field. Click the AWS SSO application, and then click Enable SSO on the next screen.

Locate the Uptime.com Application

Click on Manage SSO Access to Your Cloud Applications, followed by Add a New Application. Search for Uptime.com and then click Add Application.

Once the application is added, you will be taken to the Uptime page in the AWS SSO Console. Navigate to Details and fill in the Display name of the application. NOTE: AWS suggests using a unique display name if you plan to have more than one of the same application.

Download AWS SSO Certificate

Navigate to the AWS SSO Certificate and download it. You can copy and paste the text from any text editor directly to Uptime.com during step two.

Copy SSO URLs

Finally, copy the SSO Sign-In URL and SSO Issuer URL from AWS.

Step Two: Required Values for SSO Implementation from AWS and Uptime.com

Step two will require visiting Uptime.com while logged in as an administrator. You will need to paste the AWS SSO Certificate contents, as well as the SSO Sign-In URL and SSO Issuer URL that you acquired at the end of step one. You will also download the Uptime.com Service Provider Metadata XML File, or copy two values from Uptime.com to paste into AWS during Step Three.

Paste the Certificate and SSO URL Values from AWS

First, click Settings > SSO, then navigate to Identity Provider's EntityID / Issuer and paste the SSO Issuer URL you received from AWS.

Next, navigate to SSO Target URL and paste the SSO Sign-In URL you received from AWS.

Finally, paste the contents of the AWS SSO Certificate into the Identity Provider's Certificate field.

Acquire the Required SSO Values from Uptime.com

Download the Uptime.com Service Provider Metadata XML File for upload to the Uptime.com application within AWS.

Alternatively, you can copy the following values from Uptime.com to paste into AWS:

  1. EntityID / Audience URI
  2. ACS URL / Consumer URL / Recipient

Step Three: Finalizing AWS SSO Setup

To finalize your AWS SSO setup, return to your SSO Application Configuration page within AWS. Navigate to Application Metadata, then upload the Uptime.com Service Provider Metadata XML File.

Alternatively, you can paste the values you copied from Uptime.com in Step Two as follows:

| Field | Value |
|---|---|
| Application ACS URL | ACS URL / Consumer URL / Recipient |
| Application SAML audience | EntityID / Audience URI |

Click Save Changes.

User Attributes

Uptime.com requires the following attributes sent through the AWS SSO configuration interface:

  • A SAML user unique identifier, expressed as: NameID / Subject NameID
  • The user's email, expressed as: Email / User.Email / eduPersonPrincipalName
  • The user's first name, expressed as: FirstName / User.FirstName / givenName
  • The user's last name, expressed as: LastName / User.LastName / sn

These attributes are case sensitive. You can use the bolded values above to identify these attributes.

The NameID is often an email address that matches the Email/User.Email value.

AWS has pre-configured user Attribute Mappings, and there is no need to update them further.

You can use the following example as a guide for mapping any additional attributes within the Uptime.com AWS application:

| User attribute in the application | Maps to this string value or user attribute in AWS SSO | Format |
|---|---|---|
| Subject | ${user:subject} | Transient |
| NameID | ${user:AD_GUID} | Unspecified |
| Email | ${user:email} | Unspecified |
| FirstName | ${user:name} | Unspecified |
| LastName | ${user:familyName} | Unspecified |
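
Because the attribute names are case sensitive, a mis-cased or empty attribute is a common reason a test login fails. The following check is an added example, not code from Uptime.com or AWS: it reads a decoded SAML assertion and reports which of the required values listed above are missing, mis-cased or empty. The sample assertion, the function name check_assertion and the problem strings are constructed for illustration; the check covers attribute names only, not signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Accepted names per required value, copied from the list above (case sensitive).
REQUIRED = {
    "email": {"Email", "User.Email", "eduPersonPrincipalName"},
    "first name": {"FirstName", "User.FirstName", "givenName"},
    "last name": {"LastName", "User.LastName", "sn"},
}

# Constructed sample (not captured from AWS): "email" is mis-cased, LastName is empty.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return a list of problems; an empty list means every required value is present."""
    # ElementTree is not hardened against hostile XML: use only on your own test capture.
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID: missing or empty")
    sent = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        sent[attr.get("Name") or ""] = (value.text or "").strip() if value is not None else ""
    for label, accepted in REQUIRED.items():
        exact = [n for n in sent if n in accepted]
        if not exact:
            lowered = {a.lower() for a in accepted}
            near = sorted(n for n in sent if n.lower() in lowered)
            hint = f" (sent {near[0]!r}: wrong case)" if near else ""
            problems.append(f"{label}: missing{hint}")
        elif not any(sent[n] for n in exact):
            problems.append(f"{label}: {exact[0]} is empty")
    return problems


if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print(problem)
```
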


Assign a User to AWS SSO

From the AWS SSO application page, click Directory. Click Add User and create a Group if you have not already done so. Assign the user the following required values:

  • Email Address
  • First Name
  • Last Name
  • Display Name

Once the user details are configured, and a group has been assigned, the user will receive an email to log into AWS SSO.

Return to the AWS SSO Uptime.com Application. Click the Uptime.com application, followed by Assigned Users. Select the user(s) you would like to grant access to Uptime.com via SSO.

For additional assistance, see the documentation to assign a user to the application in AWS SSO. You may also view the AWS setup instructions for the Uptime.com SSO application.

Testing SSO Implementation

It’s important to confirm SSO implementation is working through AWS, or to receive feedback on the specific error that is causing an issue for your SSO implementation. To do so, return to the AWS SSO application page and click on the User Portal URL.

AWS will trigger a login and should display Uptime.com as a potential application. Clicking the application should successfully log the user into the Uptime.com dashboard his or her account was assigned to.

Note any error messages you receive and use the corresponding support articles to troubleshoot the issue: