PingOne for Enterprise

Amazon Web Services Attribute Mapping

About this task

PingOne will automatically populate required SAML attributes.

For Amazon Web Services, the required attributes are:

Steps

  1. For SAML_SUBJECT:

    1. In the Identity Bridge Attribute or Literal Value field, enter or select Username.

    2. Click Advanced.

    3. In the Name ID Format to send to SP field, enter or select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

    4. Click Save.

  2. For https://aws.amazon.com/SAML/Attributes/Role:

    1. In the Identity Bridge Attribute or Literal Value field, select the attribute that matches Role.

    2. Click Advanced.

    3. In the NameFormat field, select urn:oasis:names:tc:SAML:2.0:attrname-format:uri.

    4. Click Save.

    The expected format for this attribute is:

    arn:aws:iam::<account-number>:role/<role-name>,arn:aws:iam::<account-number>:saml-provider/<provider-name>

  3. To add an additional optional attribute, click Add new attribute.

  4. In the Application Attribute field, enter the attribute name as it appears in the application.

  5. In the Identity Bridge Attribute or Literal Value field, choose one of the following:

    • Enter or select a directory attribute to map to the application attribute.

    • Select As Literal, then enter a literal value to assign to the application attribute.

  6. To create advanced attribute mappings, click Advanced.

For more information, see Create advanced attribute mappings.
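
To confirm that the mappings from steps 1 and 2 come out as intended, the assertion sent to AWS can be checked against the values above. The following is an added example, not part of the PingOne documentation; the function names, the sample assertions, the 12-digit account number, and the allowed name characters are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
# Role ARN, comma, provider ARN, in the order step 2 gives (12-digit account assumed).
ROLE_VALUE = re.compile(r"arn:aws:iam::\d{12}:role/[\w+=.@/-]+,"
                        r"arn:aws:iam::\d{12}:saml-provider/[\w.-]+")

def check_assertion(xml_text):
    """Return the mapping problems found in a SAML assertion (empty list if none)."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(f".//{SAML}Subject/{SAML}NameID")
    if name_id is None:
        problems.append("Subject has no NameID")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is not persistent")
    role = next((a for a in root.iter(f"{SAML}Attribute")
                 if a.get("Name") == ROLE_ATTR), None)
    if role is None:
        return problems + ["Role attribute is missing"]
    if role.get("NameFormat") != URI_FORMAT:
        problems.append("Role NameFormat is not attrname-format:uri")
    values = [(v.text or "").strip() for v in role.iter(f"{SAML}AttributeValue")]
    if not values:
        problems.append("Role attribute has no value")
    for value in values:
        if not ROLE_VALUE.fullmatch(value):
            problems.append(f"Role value not in expected format: {value!r}")
    return problems

def sample_assertion(nameid_format, name_format, role_value):
    """Build a constructed, unsigned assertion for exercising the checker."""
    return (f'<saml:Assertion xmlns:saml="{SAML[1:-1]}"><saml:Subject>'
            f'<saml:NameID Format="{nameid_format}">jdoe</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement><saml:Attribute Name="{ROLE_ATTR}" '
            f'NameFormat="{name_format}"><saml:AttributeValue>{role_value}'
            f'</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>'
            f'</saml:Assertion>')

GOOD = sample_assertion(PERSISTENT, URI_FORMAT,
    "arn:aws:iam::123456789012:role/ExampleRole,"
    "arn:aws:iam::123456789012:saml-provider/ExampleProvider")
BAD = sample_assertion("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
    "arn:aws:iam::123456789012:role/ExampleRole")  # provider ARN left out
```

The checker looks only at the attribute mapping; it does not validate the assertion's signature, issuer, or conditions.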

Next steps

Click Continue to Next Step.