AWS Single Sign-On

Introduction
This guide details the steps required to integrate AWS SSO as a SAML provider for your env0 organization. The current implementation supports SAML 2.0 and is used for authentication only: you define your users in your AWS SSO account to give them access to your env0 organization.
Steps
- Log in to your AWS Account and navigate to the AWS SSO service.
- Click on the Applications tab on the left-hand side menu.
- Click on the **Add a new application** button.
- Select the **Add a custom SAML 2.0 application** button.

- Change the Display name and description
- Download the **AWS SSO Certificate** and copy the **AWS SSO sign-in URL** - you will need to send those over to your account manager
- Set the desired **Session duration**
- In the **Application metadata** section click on the **If you don't have a metadata file, you can manually type your metadata values** link
- In the **Application ACS URL** enter the following: `https://login.app.env0.com/login/callback?connection={YOUR_ENV0_ORG_ID}`
- In the **Application SAML audience** enter `urn:auth0:env0:{YOUR_ENV0_ORG_ID}`
- Click on the **Save changes** button
- Go to the **Attribute mappings** tab
- Add the following attributes:
| Name | Value | Format |
|---|---|---|
| Subject | ${user:email} | unspecified |
| | ${user:email} | unspecified |
| name | ${user:name} | unspecified |
| lastName | ${user:familyName} | unspecified |
| firstName | ${user:givenName} | unspecified |

- Go to the **Assigned users** tab and assign the relevant users and groups to the application
- Please submit the **AWS SSO sign-in URL** and the **AWS SSO Certificate** to https://www.env0.com/env0-setup-saml-single-sign-on
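A consistency check for the values configured in the steps above, as an added example that is not part of the env0 or AWS documentation: it compares a decoded SAML assertion from a test sign-in against the ACS URL, audience, Subject mapping and attribute names on this page. The function names, the `org-example` organization id and the sample assertion are constructed for illustration; the table row without a name is not checked, and no signature validation is performed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names taken from the mapping table on this page.
EXPECTED_ATTRS = {"name", "lastName", "firstName"}


def expected_values(org_id):
    """ACS URL and audience exactly as the steps above define them."""
    acs = f"https://login.app.env0.com/login/callback?connection={org_id}"
    return acs, f"urn:auth0:env0:{org_id}"


def check_assertion(xml_text, org_id):
    """Return a list of mismatches between an assertion and the env0 settings."""
    acs, audience = expected_values(org_id)
    root = ET.fromstring(xml_text)  # input: assertion from your own test login
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"audience {audiences} != {audience}")
    recipients = [c.get("Recipient")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"recipient {recipients} != {acs}")
    # The Subject row maps to ${user:email}, so NameID should be an address.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("Subject NameID is not an email address")
    sent = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(EXPECTED_ATTRS - sent):
        problems.append(f"attribute {missing} not sent")
    return problems


# Constructed sample assertion (org id "org-example" is a placeholder).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation>
      <saml:SubjectConfirmationData
        Recipient="https://login.app.env0.com/login/callback?connection=org-example"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:auth0:env0:org-example</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="name"/><saml:Attribute Name="firstName"/>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Calling `check_assertion(SAMPLE, "org-example")` returns a single finding, the `lastName` attribute that the constructed sample leaves out.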