SAML 2.0
Please follow the steps below to configure your account. We currently allow only one source of authentication per account, so once you configure a SAML 2.0 provider, you must authenticate through that provider only. If we don't have a guide for your provider below, please contact us so we can help guide you through the process.
AWS IAM Identity Center
Prerequisites
- Access to an AWS account
- Access to the Enclave Management Console with a user that has the `users.admin` policy attached
Setup
- In your IAM Identity Center console, navigate to Applications and click Add Application.
- Download your IAM Identity Center SAML metadata file.
- Navigate to the Enclave Management Console and go to the SSO page under your Settings.
- Select SAML 2.0, drop in your metadata file, name your IdP (AWS IAM Identity Center) and click Submit.
- Copy the generated Entity ID and Application ACS URL and paste them into their respective fields under Application properties in the IAM Identity Center console.
- Save your changes in the IAM Identity Center console.
- Navigate to Edit Attribute Mappings and add the following mappings:
User attribute in the application | Maps to this string value or user attribute in IAM Identity Center | Format |
---|---|---|
Subject | ${user:email} | emailAddress |
- Save the changes and test it out by logging in to a user agent.