Enabling SSO for AWS login

0

Hello,

I am trying to configure SSO using MS AD.

I followed this documentation for the configuration.

[https://aws.amazon.com/blogs/contact-center/configure-single-sign-on-using-microsoft-azure-active-directory-for-amazon-connect/#::text=Log%20in%20to%20the%20Azure%20AD%20portal%20with%20your%20Azure%20AD%20subscription.&text=Select%20Amazon%20Web%20Services%20(AWS,is%20added%20to%20your%20tenant.](https://aws.amazon.com/blogs/contact-center/configure-single-sign-on-using-microsoft-azure-active-directory-for-amazon-connect/#::text=Log%20in%20to%20the%20Azure%20AD%20portal%20with%20your%20Azure%20AD%20subscription.&text=Select%20Amazon%20Web%20Services%20(AWS,is%20added%20to%20your%20tenant.)

While testing the app, I am getting an error, as in the attachment.

Also, what should the tenant URL be?

I tried with

https://signin.aws.amazon.com/saml

But it is not working.

Thanks,

3 Answers
1

As Gary said, if you are trying to configure SSO for general authentication into the AWS Console, you are following the wrong guide. The process is not the same as configuring SSO into Amazon Connect. You will want to start over, remove the resources you created in AWS and Azure, and use the service AWS IAM Identity Center (https://aws.amazon.com/iam/identity-center/), and configure that with your identity provider (i.e., Azure AD). If you are doing this for a corporation, I strongly suggest you deploy Control Tower first, as it will help you get set up with AWS IAM Identity Center and AWS Organizations, and get you started with a best-practices deployment. Either way, follow the documentation in your account (https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html) to configure both AWS and Azure AD. Hope this helps!

answered 8 months ago
EXPERT
reviewed 8 months ago
1

Your doc link is for Amazon Connect, not SSO for Identity Center.

Here's Identity Center: https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html

The tenant URL is the URL of your Microsoft Azure AD tenant, not AWS.

EXPERT
answered 8 months ago
0

Hello,

Please note that the process for configuring single sign-on using Microsoft Azure Active Directory for Amazon Connect and the process for configuring IAM Identity Center (SSO) using Microsoft Azure AD are different.

As per my understanding, you would like to configure IAM Identity Center (SSO) for general authentication into the AWS Console using Microsoft Azure AD. However, the documentation you are referring to is related to configuring single sign-on using Microsoft Azure Active Directory for Amazon Connect.

So if you want to configure IAM Identity Center (SSO) using Microsoft Azure AD, you need to remove the resources that you created previously in AWS and Azure, and use the AWS IAM Identity Center (SSO) service for facilitating single sign-on capabilities. For more information on configuring SSO using Azure AD, please refer to the documentation below [2].

To answer your query regarding the Tenant URL: a tenant represents an organisation. It's a dedicated instance of Azure AD that an organisation or app developer receives at the beginning of a relationship with Microsoft. Each Azure AD tenant is distinct and separate from other Azure AD tenants. Please note that you need to give the URL of your Microsoft Azure AD tenant in the Tenant URL section.

I hope you find the above information helpful.

References:

[1] https://aws.amazon.com/iam/identity-center/

[2] https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html

AWS
answered 8 months ago
