Issue with using Google Workspace as IdP for AWS WorkSpaces (using AWS Managed Microsoft AD)


I'm trying to follow this guide to set up Google as the IdP for AWS WorkSpaces via SAML 2.0.

https://docs.aws.amazon.com/workspaces/latest/adminguide/setting-up-saml.html

What I got working: AWS WorkSpaces with AWS Managed Microsoft AD; the created user can log into WorkSpaces with the desktop app. For Step 1 I downloaded the metadata from the Google SAML app here:

[screenshot: Step 1]

Then uploaded it to AWS IAM to create an identity provider:

[screenshot: Step 1.1]

Steps 2-3: I created a role with an inline permission policy:

[screenshot: Steps 2-3]

[screenshot: Steps 2-3.1]

Step 4:

[screenshot: Step 4]

[screenshot: Step 4.1]

Step 5: I created a custom attribute for the user to map to the Role value in AWS:

[screenshot: Step 5]

Step 6: I put the Relay State in the Start URL field in Google:

[screenshot: Step 6]

Step 7: Not sure what the IdP deep link parameter name is for Google, so I left it as RelayState:

[screenshot: Step 7]

When I tried the IdP-initiated flow:

[screenshot: Step 7.1]

It opened the right RelayState URL, then opened the WorkSpaces desktop app:

[screenshot: Step 7.2]

When I clicked Continue to sign in to WorkSpaces, it gave this error:

[screenshot: Step 7.3]

My guess is that something is off with my assertion mapping, so when WorkSpaces tries to get credentials from Google it errors out.

If anyone can help me point out where I did it wrong, it would be much appreciated. Thank you!

1 Answer

SAML integration with WorkSpaces requires that the "IdP must support unsolicited IdP-initiated SSO with a deep link target resource or relay state endpoint URL": https://docs.aws.amazon.com/workspaces/latest/adminguide/setting-up-saml.html#setting-up-saml-requirements:~:text=unsolicited%20IdP%2Dinitiated%20SSO%20with%20a%20deep%20link%20target%20resource%20or%20relay%20state%20endpoint%20URL

Ensure Google G Suite supports this "deep linking" feature (modifying the relay state URL for each session). In the doc you will find that the certified IdPs are "ADFS, Azure AD, Duo Single Sign-On, Okta, PingFederate, and PingOne".

Samuel (AWS), answered a year ago
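Both the question (the suspected assertion-mapping problem in Steps 5-7) and the answer (the relay-state requirement) come down to two things that can be checked offline before clicking through the IdP-initiated flow again: whether the SAML assertion the IdP sends carries the attributes AWS federation expects in the expected shape, and whether the RelayState points at the WorkSpaces SSO endpoint. The script below is an added example, not code from the original thread or from AWS. It assumes the standard AWS SAML federation attribute names (`https://aws.amazon.com/SAML/Attributes/Role` with a `role_arn,provider_arn` value, and `https://aws.amazon.com/SAML/Attributes/RoleSessionName`), the AWS audience `https://signin.aws.amazon.com/saml`, and the relay-state shape `https://relay-state-region-endpoint/sso-idp?registrationCode=...` from the WorkSpaces guide; the endpoint hostname is the guide's placeholder, not a real one. The SAML responses it inspects are constructed samples (a decoded response can be pasted in their place, for instance from a browser SAML-tracing extension).

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Assumed from the AWS SAML federation docs (not taken from the thread).
AWS_AUDIENCE = "https://signin.aws.amazon.com/saml"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
ARN_ROLE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=.@/-]+$")
ARN_PROVIDER = re.compile(r"^arn:aws:iam::(\d{12}):saml-provider/[\w._-]+$")

# Constructed sample: a well-formed assertion for user alice@example.com.
GOOD_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml2:Assertion ID="_a1" Version="2.0">
    <saml2:Subject><saml2:NameID>alice@example.com</saml2:NameID></saml2:Subject>
    <saml2:Conditions>
      <saml2:AudienceRestriction>
        <saml2:Audience>https://signin.aws.amazon.com/saml</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml2:AttributeValue>arn:aws:iam::123456789012:role/WorkSpacesSAML,arn:aws:iam::123456789012:saml-provider/GoogleWorkspace</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <saml2:AttributeValue>alice@example.com</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""

# Constructed failure cases: a Role value with the provider ARN missing
# (a typical custom-attribute mapping slip), and one whose provider ARN
# lives in a different account than the role.
BAD_NO_PROVIDER = GOOD_RESPONSE.replace(",arn:aws:iam::123456789012:saml-provider/GoogleWorkspace", "")
BAD_ACCOUNT_MISMATCH = GOOD_RESPONSE.replace("123456789012:saml-provider", "210987654321:saml-provider")


def attributes(xml_text):
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml2:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml2:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def audiences(xml_text):
    root = ET.fromstring(xml_text)
    return [a.text.strip() for a in root.iterfind(".//saml2:Audience", NS) if a.text]


def check_assertion(xml_text):
    """Return a list of problems; an empty list means the mapping looks right."""
    problems = []
    if AWS_AUDIENCE not in audiences(xml_text):
        problems.append(f"assertion audience is not {AWS_AUDIENCE}")
    attrs = attributes(xml_text)
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        problems.append(f"missing attribute {ROLE_ATTR}")
    for value in roles:
        parts = value.split(",")
        if len(parts) != 2:
            problems.append(f"Role value must be 'role_arn,provider_arn', got: {value}")
            continue
        # AWS accepts the two ARNs in either order.
        role, provider = parts if ARN_ROLE.match(parts[0]) else (parts[1], parts[0])
        m_role, m_prov = ARN_ROLE.match(role), ARN_PROVIDER.match(provider)
        if not (m_role and m_prov):
            problems.append(f"malformed role or saml-provider ARN in: {value}")
        elif m_role.group(1) != m_prov.group(1):
            problems.append(f"role and saml-provider ARNs are in different accounts: {value}")
    if not attrs.get(SESSION_ATTR):
        problems.append(f"missing attribute {SESSION_ATTR}")
    return problems


def check_relay_state(url):
    """True if the RelayState has the WorkSpaces SSO endpoint shape (assumed from the guide)."""
    p = urlparse(url)
    query = parse_qs(p.query)
    return p.scheme == "https" and p.path.endswith("/sso-idp") and bool(query.get("registrationCode"))


if __name__ == "__main__":
    for label, resp in [("good", GOOD_RESPONSE), ("no provider", BAD_NO_PROVIDER),
                        ("account mismatch", BAD_ACCOUNT_MISMATCH)]:
        print(label, check_assertion(resp) or "OK")
    print(check_relay_state("https://relay-state-region-endpoint/sso-idp?registrationCode=WSpdx%2BABC12D"))
```

The Role value is the part most worth staring at: the custom user attribute in Google has to carry both ARNs, comma separated, and both must be in the account that owns the IAM identity provider created in Step 1.1. This script does not verify the XML signature, so it tells you whether the mapping is shaped correctly, not whether AWS will trust the response.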
