Skip to main content

Single Sign-On with AWS offers a quick integration for SSO with AWS.

Request SSO access from


Only account admins can request single sign-on access for their accounts.

To set up your AWS SSO, you'll first need to email and write that you want to set up AWS SAML SSO for

Include these items in the message:

  • Your account ID.
  • The last six characters of your account token

The Support team will respond with the connection information needed to set up your AWS SSO.

Set a custom SAML app in AWS

Log into your AWS SSO dashboard.

Click on Applications located on the left-hand menu. Then, click on Add a new application > Add a custom SAML application.

Create SAML app

Name your application and give it a short description. Then, download the AWS SSO certificate.

Download certificate

Under Application properties, enter the Application start URL given to you by, and set the Session duration to 12 hours.

Download certificate

Next, in Application metadata, click on the link located underneath the browse button. Enter the ACS URL and Application SAML audience given to you by support. You'll need to paste the Single Sign-on URL to the Application ACS URL, and Audience URI to Application audience.

Set entity ID

Click on the Attribute mappings tab.

Add a new attribute called email and the variable ${user:email}.

To configure groups you'll need to add another attribute mapping called groups and the variable ${user:groups}.

Read more about attribute mapping for AWS.

Adding attributes

Click on Save changes to create your app.

Send your SAML details to

Draft a new email to Support, and include these items:

  • Your zipped SAML Signing Certificate.
  • Your AWS SSO sign-in URL.

SAML details

When Support has received the information and created your AWS + connection, you'll receive confirmation that your AWS SSO is ready to go, and you can start logging in to through your AWS account.

Assign users to's SSO connection

In your main SAML application you've just created, navigate to the Assigned users tab and click on Assign users. Here you can choose and add all relevant users from your organization who can use your new SSO connection.


Users must also have a account to use the new SSO feature.

Assign users