Difference between revisions of "Set up Google Workspace SSO via SAML for Amazon Web Services"
Jump to navigation
Jump to search
| (13 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | * https://support.google.com/a/answer/6194963 | ||
| + | == Google doc == | ||
| + | * [[Google Workspace]]: https://support.google.com/a/answer/6194963 | ||
| + | |||
| + | Step 1 should be ... | ||
| + | :<code>Step 1 Security -> Authentication -> SSO with Google as SAML IdP</code> | ||
| + | instead of... | ||
| + | :<code>Step 1 Security -> Set up single sign-on (SSO) for SAML applications.</code> | ||
| + | |||
| + | Step 2 should be ... | ||
| + | : ?.../... | ||
| + | instead of ... | ||
| + | :<code>On the Select Role Type page, under Role for Identity Provider Access, select Grant Web Single Sign-On (WebSSO) access to SAML providers.</code> | ||
| + | |||
| + | Misc: [[SSO URL]], [[Entity ID]], [[IdP metadata]] | ||
== Related documentation == | == Related documentation == | ||
* AWS documentation (2016): https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/ | * AWS documentation (2016): https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/ | ||
| + | :https://aws.amazon.com/SAML/Attributes/RoleSessionName | ||
| + | :https://aws.amazon.com/SAML/Attributes/Role | ||
| + | * AWS documentation (Jul 2020) [[How to use G Suite as an external identity provider for AWS SSO]] https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/ | ||
* [[Google Workspace]]: https://support.google.com/a/answer/6194963 | * [[Google Workspace]]: https://support.google.com/a/answer/6194963 | ||
| Line 9: | Line 27: | ||
* [[AWS Role]]: Create a [[role]] for [[SAML]] federation https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html | * [[AWS Role]]: Create a [[role]] for [[SAML]] federation https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html | ||
* <code>[[SAMLResponse]]</code>: <code>[[Your request included an invalid saml response]]</code> | * <code>[[SAMLResponse]]</code>: <code>[[Your request included an invalid saml response]]</code> | ||
| + | * [[How to set up IAM federation using Google Workspace]] | ||
== See also == | == See also == | ||
Latest revision as of 07:18, 17 March 2022
Google doc[edit]
Step 1 should be ...
Step 1 Security -> Authentication -> SSO with Google as SAML IdP
instead of...
Step 1 Security -> Set up single sign-on (SSO) for SAML applications.
Step 2 should be ...
- ?.../...
instead of ...
On the Select Role Type page, under Role for Identity Provider Access, select Grant Web Single Sign-On (WebSSO) access to SAML providers.
Misc: SSO URL, Entity ID, IdP metadata
Related documentation[edit]
- AWS documentation (2016): https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/
- AWS documentation (Jul 2020) How to use G Suite as an external identity provider for AWS SSO https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/
- Google Workspace: https://support.google.com/a/answer/6194963
Related[edit]
- AWS Role: Create a role for SAML federation https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
SAMLResponse:Your request included an invalid saml response- How to set up IAM federation using Google Workspace
See also[edit]
- IdP, AWS IAM identity provider, Set up Google Workspace SSO via SAML for Amazon Web Services, OIDC
- SAML, IdP, Assertion, Attribute, SCIM, Amazon Cognito, OpenID Connect (OIDC), SAML response,
SAML:EduPersonOrgDN, Assertion Consumer Service (ACS), SAML examples,Entity ID,Name ID,SAMLResponse, saml-provider - Single sign-on: Okta, Red Hat Single Sign-On, Keycloak, SAML, ADFS, Access Management Magic Quadrant, Oracle Access Manager, AWS SSO, Azure Active Directory, Federated authentication, Google Workspace: set up SSO via SAML for Amazon Web Services, Login with, Microsoft account, Shibboleth
Advertising:
