AWS Single Sign-On | Directories and Applications Support

Question 1

In which AWS regions is AWS SSO is available?

Directories and Applications Support

AWS Single Sign-On | Security, Identity & Compliance

Answer 1

See the AWS Region Table for AWS SSO availability by Region.

Question 2

What directories can I use with AWS SSO?

Directories and Applications Support

AWS Single Sign-On | Security, Identity & Compliance

Answer 2

You can connect AWS SSO to Microsoft Active Directory, running either on-premises or in the AWS Cloud. AWS SSO supports AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector. AWS SSO does not support Simple AD. See AWS Directory Service Getting Started to learn more.

Question 3

Can I use my Amazon Cognito User Pools as the connected directory in AWS SSO?

Directories and Applications Support

AWS Single Sign-On | Security, Identity & Compliance

Answer 3

Not at this time. Today, AWS SSO only supports Microsoft Active Directory as a user directory. Other directory types may be added over time based on customer feedback and demand.

Question 4

Which cloud-based applications can I connect to using AWS SSO?

Directories and Applications Support

AWS Single Sign-On | Security, Identity & Compliance

Answer 4

You can connect the following applications to AWS SSO:

AWS Management Console: You can set up SSO access to the AWS Management Console.

Third-party SaaS applications: AWS SSO comes preintegrated with commonly used business applications. For a comprehensive list, see the AWS SSO console.

Custom SAML applications: AWS SSO supports applications that allow identity federation using SAML 2.0. For applications that are not preintegrated with AWS SSO, you can set up SSO by using the AWS SSO custom application wizard.

I manage users and groups in Active Directory on premises. How do I connect my directory to AWS SSO?

You have two options for connecting Active Directory–hosted on premises to AWS SSO: (1) Use a AWS Managed Microsoft AD trust relationship, or (2) use AD Connector.

AWS Managed Microsoft AD creates a fully managed Active Directory in the AWS Cloud and can be used to set up a forest trust relationship between your on-premises directory and AWS Managed Microsoft AD. To set up a trust relationship, see When to Create a Trust Relationship.

AD Connector is a directory gateway that can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud. To connect an on-premises directory using AD Connector, see AD Connector.

I manage users and groups in AWS Identity and Access Management (IAM). Can I connect my directory to AWS SSO?

AWS SSO does not support AWS IAM users and groups at this time.