AWS IAM Identity Center SSO
Learn how to connect AWS IAM Identity Center with Better Stack to enable single sign-on (SSO) for you and your colleagues.
SSO setup
- Go to Single Sign-On configuration.
- Click Connect on the Generic SAML SSO panel and select AWS IAM Identity Center.
- Copy the Entity ID and ACS URL.
In the AWS console
- Go to the IAM Identity Center.
- Go to Applications → Add Application.
- Select I have an application I want to set up and choose SAML 2.0 as the application type.
- Click Next.
- Set the Display name to Better Stack.
- Copy the IAM Identity Center SAML issuer URL.
- Download the IAM Identity Center Certificate.
- Under Application metadata, select Manually type your metadata values.
- Paste the ACS URL from Better Stack into the Application ACS URL field.
- Paste the Entity ID from Better Stack into the Application SAML audience field.
- Click Submit.
- Go to Actions → Edit attribute mappings.
- Set the Subject attribute to ${user:email} and format to emailAddress.
- Add the following attribute mappings:
  - first_name → ${user:givenName} (format: basic)
  - last_name → ${user:familyName} (format: basic)
  - email → ${user:email} (format: basic)
- Click Save changes.
- Click Assign users and groups and assign yourself to the application to test the connection. Ensure your user's email address matches the one used on Better Stack.
In Better Stack
- Go back to the SSO configuration page.
- Paste the IAM Identity Center SAML issuer URL you copied from AWS.
- Upload the X.509 Certificate file you downloaded from AWS.
- Click Connect. You will be redirected to AWS to sign in and confirm.
You're done.