Difference between revisions of "Set up Google Workspace SSO via SAML for Amazon Web Services"

• https://support.google.com/a/answer/6194963

Google doc[edit]

• Google Workspace: https://support.google.com/a/answer/6194963

Step 1 should be ...

Step 1 Security -> Authentication -> SSO with Google as SAML IdP

instead of...

Step 1 Security -> Set up single sign-on (SSO) for SAML applications.

Step 2 should be ...

 ?.../...

instead of ...

On the Select Role Type page, under Role for Identity Provider Access, select Grant Web Single Sign-On (WebSSO) access to SAML providers.

Misc: SSO URL, Entity ID, IdP metadata

Related documentation[edit]

• AWS documentation (2016): https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/

https://aws.amazon.com/SAML/Attributes/RoleSessionName

https://aws.amazon.com/SAML/Attributes/Role

• AWS documentation (Jul 2020) How to use G Suite as an external identity provider for AWS SSO https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/
• Google Workspace: https://support.google.com/a/answer/6194963

Related[edit]

• AWS Role: Create a role for SAML federation https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
• SAMLResponse: Your request included an invalid saml response
• How to set up IAM federation using Google Workspace

See also[edit]

• IdP, AWS IAM identity provider, Set up Google Workspace SSO via SAML for Amazon Web Services, OIDC
• SAML, IdP, Assertion, Attribute, SCIM, Amazon Cognito, OpenID Connect (OIDC), SAML response, SAML:EduPersonOrgDN, Assertion Consumer Service (ACS), SAML examples, Entity ID, Name ID, SAMLResponse, saml-provider
• Single sign-on: Okta, Red Hat Single Sign-On, Keycloak, SAML, ADFS, Access Management Magic Quadrant, Oracle Access Manager, AWS SSO, Azure Active Directory, Federated authentication, Google Workspace: set up SSO via SAML for Amazon Web Services, Login with, Microsoft account, Shibboleth