AWS Single Sign-On

Introduction

This guide will detail the various steps required to integrate AWS SSO as a SAML provider for your env0 organization. The current implementation supports SAML 2.0 and is used for authentication only, where you define your users in your AWS SSO account to enable them access to your env0 organization.

Steps

1. Login to your AWS Account and navigate to the AWS SSO service.
2. Click on the Applications tabs on the left-hand side menu.
3. Click on the Add a new application button.
4. Select I have an application I want to set up.
5. Select the SAML 2.0

6. Enter the Display name and Description
7. Configure the User and group assignment method section
8. In the AWS access portal set the Application URL to be https://app.env0.com/login/sso
9. Click on the Next button
10. In the IAM Identity Center metadata section download the IAM Identity Center Certificate and copy the IAM Identity Center sign-in URL
11. In the Application properties set the Application start URL to https://app.env0.com/login/sso
12. Set the desired Session duration
13. In the Application metadata section click on the If you don't have a metadata file, you can manually type your metadata values link
14. In the Application metadata section, under Application ACS URL enter the following https://login.app.env0.com/login/callback?connection={YOUR_ENV0_ORG_ID}
15. In the Application SAML audience enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
16. Click on the Submit button
17. In the Action Dropdown select Edit Attribute mappings
18. Add the following attributes:

🚧

Groups Mapping with AWS SSO

The groups attribute in AWS SSO currently supports the UUID of the groups and not the actual name of the group.

This means that if you set the groups attribute we will sync the groups based on their UUID.

14. Click on Assigned users button and assign the relevant users and groups to the application
15. Please submit the AWS SSO sign-in URL and the AWS SSO Certificate to https://www.env0.com/env0-setup-saml-single-sign-on