Identity Provider: AWS Single Sign-on (AWS SSO)
AWS User permission: AWSSSOMemberAccountAdministrator (we didn't fully test the permission required, but just FYI)
setup idp link: https://portal.biganimal.com/setup-idp/GdU3LZmDC9XrrbpKmuOpR2AX6oJBDkxb with the below configuration. (Please note, customers should use their own URLs which were generated before the meeting. The URL here is just for testing and sharing.)
description: this is for SS AWS SSO test
organizationName: SS AWS
AWS Management Console
1. Go to AWS Single Sign-On
2. You will be asked to enable AWS SSO or switch to the region which has enabled AWS SSO. AWS Organizations supports AWS SSO in only one AWS Region at a time.
3. Go to Applications or Step 3 as below:
4. Add a new application
5. Add a custom SAML 2.0 application
6. Give a name to your application, and scroll down
7. Scroll down, click 'if you don't have a metadata file ....',
8. Copy 'Assertion Consumer Service URL' and 'Audience URI' from BigAnimal setup-idp link`
9. Save Changes
10. Switch to Attribute mappings
11. Add attributes as below and Save changes
12. Switch to Assigned users, and assign this application to the users.
BigAnimal Setup IDP
13. Go to BigAnimal Setup-idp link - > Setup Config https://portal.biganimal.com/setup-idp/GdU3LZmDC9XrrbpKmuOpR2AX6oJBDkxb
13.1 Single Sign-On URL could be copied from AWS SSO , Configuration, AWS SSO metadata, AWS SSO sign-in URL
13.2 Download the certificate from AWS SSO , Configuration, AWS SSO metadata, and upload to BigAnimal
13.3 Request Binding, choose 'HTTP POST'
13.4 Response Signature Algorithm, rsa-sha256 is recommended.
14. Test Connection and you will be prompted the AWS login page. Login with the user who has the access (Step 12)
15. If Test Connection is successful, then you can click 'Sign in to BigAnimal' to complete Sign Up process.
Good to know
Please kindly login BigAnimal via Portal with your email address
IDP-initiated is not supported.
So you may get the below error message if you try to access BigAnimal from AWS side
Related Topic: Steps to configure Auth0 as your Identity Provider (IDP)
Related tickets: https://enterprisedb.zendesk.com/agent/tickets/654