SSO - Amazon Web Services (AWS)

Allow Foxpass users to log in to AWS via SSO

SSO Configuration

Configuring AWS as a service provider

  1. Click the 'Add' button for Amazon Web Services on the SSO - Service Providers page.
Add AWS Service Provider

  2. Give the provider a name and click 'Ok'.
Provide a name

  3. Click the 'Metadata XML' button to download the Foxpass IdP metadata XML file.
Download Metadata XML

  4. Log in to your AWS account, open the IAM Management Console, and under Access Management click Identity Providers. Click the 'Add Provider' button at the top right, select "SAML" as the provider type, enter "Foxpass" as the provider name, and for the Metadata document select the metadata file downloaded in step 3.
Add Provider in AWS

  5. In your AWS account, go to the Identity Providers page and select 'foxpass'. On the next screen, click the 'Assign Role' button at the top right and select the "Create a new role" option.
Create a new role

    Select foxpass as your SAML provider and select the option "Allow programmatic and AWS Management Console access". Click 'Next: Permissions'.

    Select any necessary permissions, or Administrator access, depending on your requirements. Click the 'Next: Tags' button, add any tags you want, and then click the 'Next: Review' button. Give the role a name such as foxpass-sso-role and then click the 'Create role' button.

  6. A. Go to your AWS Roles page, select the newly created role (for example foxpass-sso-role), and copy the Role ARN shown at the top.

    Copy role's ARN

    B. Go to your AWS Identity Providers page, select foxpass, and copy the ARN shown under the Summary section.

    Copy IDP's ARN

  7. Go to the Foxpass Console, open the SSO Service Providers settings page, and click the 'Configure' button under Amazon Web Services to open the configuration dialog. In the Custom fields, add the following key-value pair (note the comma between the two ARNs), then click 'Save Custom Fields'.

key: aws_iam_info
value: ARN_ROLE_FROM_STEP_6A,ARN_IDENTITY_PROVIDER_FROM_STEP_6B

Optionally select specific Users or Groups to be allowed for SSO, then click the Save button.

Configure Service Provider
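To check the aws_iam_info value before saving it, here is an added Python example (not Foxpass's or AWS's own code): it validates the "role ARN,provider ARN" pair, which is also the value AWS expects in the SAML Role attribute, and builds the trust policy that the "Create a new role" wizard attaches for a SAML provider with console access. The account ID and names in it are constructed placeholders.

```python
import re

# ARN shapes accepted in the aws_iam_info value. Account IDs are 12 digits.
# IAM role names may contain commas, which is why the value is split on the
# LAST comma (SAML provider names cannot contain one).
ROLE_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/([\w+=,.@/-]+)$")
IDP_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):saml-provider/([\w._-]+)$")
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def parse_aws_iam_info(value):
    """Validate 'ROLE_ARN,PROVIDER_ARN' and return its parts as a dict."""
    parts = [p.strip() for p in value.rsplit(",", 1)]
    if len(parts) != 2:
        raise ValueError("expected ROLE_ARN,PROVIDER_ARN separated by a comma")
    role, idp = ROLE_ARN.match(parts[0]), IDP_ARN.match(parts[1])
    if role is None:
        raise ValueError("first value is not an IAM role ARN: %r" % parts[0])
    if idp is None:
        raise ValueError("second value is not a SAML provider ARN: %r" % parts[1])
    # Role and provider must sit in the same partition and account: a role in
    # another account does not trust this provider, so sign-in would fail.
    if (role.group(1), role.group(2)) != (idp.group(1), idp.group(2)):
        raise ValueError("role and provider are in different accounts or partitions")
    return {"role_arn": parts[0], "provider_arn": parts[1],
            "account_id": role.group(2), "provider_name": idp.group(3)}


def saml_role_attribute(value):
    """Value AWS expects in the SAML Role attribute: 'role_arn,provider_arn'."""
    info = parse_aws_iam_info(value)
    return "%s,%s" % (info["role_arn"], info["provider_arn"])


def trust_policy(value):
    """Trust policy equivalent to the console's SAML 2.0 federation role with
    console access: only this provider may assume the role, and only with
    assertions whose audience is the AWS sign-in endpoint."""
    info = parse_aws_iam_info(value)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": info["provider_arn"]},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }
```

Run parse_aws_iam_info on the exact string you paste into the custom field; a swapped order, a typo in an ARN, or a role from a different account is rejected before it reaches Foxpass.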

Login via Console

Go to the SSO page in Foxpass and click 'Login' under the AWS service provider.

Login to AWS

Do not hesitate to reach out to us if you have any feedback or issues.