AWS Single Sign-On



This guide will detail the various steps required to integrate AWS SSO as a SAML provider for your env0 organization. The current implementation supports SAML 2.0 and is used for authentication only, where you define your users in your AWS SSO account to enable them access to your env0 organization.


  1. Login to your AWS Account and navigate to the AWS SSO service.
  2. Click on the Applications tabs on the left-hand side menu.
  3. Click on the Add a new application button.
  4. Select the Add a custom SAML 2.0 application button.
  1. Change the Display name and description
  2. Download the AWS SSO Certificate and copy the AWS SSO sign-in URL - you will need to send those over to your account manager
  3. Set the desired Session duration
  4. In the Application metadata section click on the If you don't have a metadata file, you can manually type your metadata values link
  5. In the Application ACS URL enter the following{YOUR_ENV0_ORG_ID}
  6. In the Application SAML audience enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
  7. Click on the Save changes button
  8. Go to the Attribute mappings tab
  9. Add the following attributes:
  1. Go to the Assigned users tab and assign the relevant users and groups to the application
  2. Please submit the AWS SSO sign-in URL and the AWS SSO Certificate to