Configuring SSO with AWS (Amazon Web Services)

This article explains how to set up SSO with Uptime as the service provider (SP) and AWS (Amazon Web Services) as the identity provider (IdP). Users can log in through the User Portal URL provided by AWS or the WAYFless URL provided by Uptime, and use either to authenticate with Uptime for all account privileges associated with that login. SSO eliminates or dramatically reduces the need for multiple logins, as individuals maintain a single sign-on.

AWS and Uptime have the following requirements before you can complete setup:

  • On the AWS side: access to the AWS SSO console under an account that has proper permissions to manage applications.
  • On the Uptime side: an Uptime account with administrator access to configure SAML SSO.

These instructions assume you’re logged into both Uptime and AWS.

Step One: Enable AWS SSO


In Step One you enable AWS SSO, add the Uptime application, and copy the values you will paste into Uptime in Step Two.

Enable AWS SSO

Log in to your AWS Management Console, and search for AWS SSO under the Find Applications field. Click the AWS SSO application, and then click Enable SSO on the next screen.


Locate the Application

Click on Manage SSO Access to Your Cloud Applications, followed by Add a New Application. Search for Uptime and then click Add Application.



Once the application is added, you will be taken to the Uptime page in the AWS SSO Console. Navigate to Details and fill in the Display name of the application. NOTE: AWS suggests using a unique display name if you plan to have more than one of the same application.

Download AWS SSO Certificate

Navigate to the AWS SSO Certificate and download it. You can copy and paste the text from any text editor directly into Uptime during Step Two.


Finally, copy the SSO Sign-In URL and SSO Issuer URL from AWS.


Step Two: Required Values for SSO Implementation from AWS and Uptime


Step Two requires visiting Uptime while logged in as an administrator. You will need to paste the AWS SSO Certificate contents, as well as the SSO Sign-In URL and SSO Issuer URL that you acquired at the end of Step One. You will also download the Service Provider Metadata XML File, or copy two values from Uptime to paste into AWS during Step Three.

Paste the Certificate and SSO URL Values from AWS

First, click Settings > SSO, then navigate to Identity Provider's EntityID / Issuer and paste the SSO Issuer URL you received from AWS.

Next, navigate to SSO Target URL and paste the SSO Sign-In URL you received from AWS.

Finally, paste the contents of the AWS SSO Certificate into the Identity Provider's Certificate field.

Acquire the Required SSO Values from Uptime

Download the Service Provider Metadata XML File for upload to the application within AWS.

Alternatively, you can copy the following values from Uptime to paste into AWS:

  1. EntityID / Audience URI
  2. ACS URL / Consumer URL / Recipient

Step Three: Finalizing AWS SSO Setup


To finalize your AWS SSO setup, return to your SSO Application Configuration page within AWS. Navigate to Application Metadata, then upload the Service Provider Metadata XML File.

Alternatively, you can paste the values you copied from Uptime in Step Two into the AWS fields as follows:

  • Application ACS URL: ACS URL / Consumer URL / Recipient
  • Application SAML audience: EntityID / Audience URI


Click Save Changes.

User Attributes

Uptime requires the following attributes, sent through the AWS SSO configuration interface:

  • A SAML user unique identifier, expressed as: NameID / Subject NameID
  • The user's email, expressed as: Email  / User.Email  / eduPersonPrincipalName
  • The user's first name, expressed as: FirstName  / User.FirstName  / givenName
  • The user's last name, expressed as: LastName  / User.LastName  / sn

These attributes are case sensitive. You can use the bolded values above to identify these attributes.

The NameID is often an email address that matches the Email/User.Email value.

AWS has pre-configured user Attribute Mappings, and there is no need to update them further.

You can use the following example as a guide for mapping any additional attributes within the AWS application:

User attribute in the application | Maps to this string value or user attribute in AWS SSO


Assign a User to AWS SSO

From the AWS SSO application page, click Directory. Click Add User and create a Group if you have not already done so. Assign the user the following required values:

  • Email Address
  • First Name
  • Last Name
  • Display Name

Once the user details are configured, and a group has been assigned, the user will receive an email to log into AWS SSO.

Return to the AWS SSO Application. Click the application, followed by Assigned Users. Select the user(s) you would like to grant access to Uptime via SSO.

For additional assistance, see the documentation to assign a user to the application in AWS SSO. You may also view the AWS setup instructions for the SSO application.

Testing SSO Implementation

It’s important to confirm SSO implementation is working through AWS, or to receive feedback on the specific error that is causing an issue for your SSO implementation. To do so, return to the AWS SSO application page and click on the User Portal URL.

AWS will trigger a login and should display Uptime as a potential application. Clicking the application should successfully log the user into the dashboard his or her account was assigned to.
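
When a test login fails, a SAML assertion captured from the browser can be checked offline against the EntityID, ACS URL and case-sensitive attribute names described above. The following Python sketch is an added example, not part of the original article or of either vendor's tooling; the sp.example.test URLs and both XML samples are constructed, and it does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names the article lists; matching is case sensitive.
REQUIRED = {"email": {"Email", "User.Email", "eduPersonPrincipalName"},
            "first name": {"FirstName", "User.FirstName", "givenName"},
            "last name": {"LastName", "User.LastName", "sn"}}

def sp_values(metadata_xml):
    """Return (EntityID, ACS URL) read from the SP metadata XML."""
    root = ET.fromstring(metadata_xml)
    acs = root.find(".//md:AssertionConsumerService", NS)
    return root.get("entityID"), acs.get("Location")

def check_assertion(assertion_xml, entity_id, acs_url):
    """Return a list of problems; an empty list means every check passed."""
    a = ET.fromstring(assertion_xml)
    problems = []
    name_id = a.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    if entity_id not in {e.text for e in a.iterfind(".//saml:Audience", NS)}:
        problems.append("Audience does not match EntityID")
    data = a.iterfind(".//saml:SubjectConfirmationData", NS)
    if acs_url not in {e.get("Recipient") for e in data}:
        problems.append("Recipient does not match ACS URL")
    sent = {e.get("Name") for e in a.iterfind(".//saml:Attribute", NS)}
    for label, names in REQUIRED.items():
        if not sent & names:
            problems.append(f"missing {label} attribute")
    return problems

# Constructed samples (sp.example.test is a placeholder, not a real endpoint).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/metadata"><md:SPSSODescriptor>
  <md:AssertionConsumerService Location="https://sp.example.test/saml/acs"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>alice@example.test</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://sp.example.test/saml/acs"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="Email"/>
  <saml:Attribute Name="firstname"/><saml:Attribute Name="LastName"/>
 </saml:AttributeStatement></saml:Assertion>"""
if __name__ == "__main__":
    print(check_assertion(ASSERTION, *sp_values(SP_METADATA)))
```

The constructed assertion sends `firstname` in lowercase, so the check reports the first name attribute as missing even though the audience and recipient match.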

Note any error messages you receive and use the corresponding support articles to troubleshoot the issue:
