Configure AWS accounts and roles for SAML SSO

To exchange authentication and authorization data between Amazon Web Services (AWS) and Okta, you must configure each AWS account for SAML access.

  1. Configure Okta as the identity provider for the AWS account. See Configure Okta as the AWS account identity provider.
  2. Add Okta as a trusted source for AWS roles. See Add Okta as a trusted source for AWS roles.

  3. Optional. Repeat steps 1 and 2 to add additional AWS accounts and roles that you want users to access.

    Make sure all of your accounts use the same SAML metadata and have the same name. Accounts with different SAML provider names or metadata documents are not accessible.

Next steps