Amazon Web Services Attribute Mapping

About this task

PingOne will automatically populate required SAML attributes.

For Amazon Web Services, the required attributes are:
- SAML_SUBJECT
- UserName (provisioning), if you selected Set Up Provisioning

Steps

1. For SAML_SUBJECT:
   - In the Identity Bridge Attribute or Literal Value field, enter or select Username.
   - Click Advanced.
   - In the Name ID Format to send to SP field, enter or select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
   - Click Save.

2. For https://aws.amazon.com/SAML/Attributes/Role:
   - In the Identity Bridge Attribute or Literal Value field, select the attribute that matches Role.
   - Click Advanced.
   - In the NameFormat field, select urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
   - Click Save.

   The expected format for this attribute is:

   arn:aws:iam::<account-number>:role/<role-name>,arn:aws:iam::<account-number>:saml-provider/<provider-name>
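As an added example (not part of the PingOne documentation), a small Python check that a directory value intended for the Role attribute actually follows the role-ARN,provider-ARN format shown above before it is mapped. The account number, role name and provider name in the samples are constructed placeholders; the same-account rule reflects AWS's requirement that the role and the SAML provider live in the same account, and commas are excluded from names because the comma is the pair separator.

```python
import re
from dataclasses import dataclass

# Constructed sample values: the account numbers and names are placeholders, not real.
SAMPLE_OK = "arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/PingOne"
SAMPLE_BAD_ACCOUNT = "arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::210987654321:saml-provider/PingOne"

# IAM role / SAML-provider ARN: 12-digit account, resource type, then a name (optionally with a path).
# Commas are deliberately not accepted in the name because they would be ambiguous in this attribute.
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(role|saml-provider)/([\w+=.@/-]+)$")


@dataclass(frozen=True)
class RoleAttribute:
    account: str
    role_arn: str
    provider_arn: str


def parse_role_attribute(value: str) -> RoleAttribute:
    """Parse one https://aws.amazon.com/SAML/Attributes/Role value.

    Raises ValueError describing the defect when the value does not match
    the "role ARN,SAML provider ARN" format the mapping expects.
    """
    parts = value.split(",")
    if len(parts) != 2:
        raise ValueError(f"expected exactly one comma separating two ARNs, got {len(parts)} part(s)")
    role_arn, provider_arn = (p.strip() for p in parts)
    role_m = ARN_RE.match(role_arn)
    prov_m = ARN_RE.match(provider_arn)
    if not role_m or role_m.group(2) != "role":
        raise ValueError(f"first ARN is not an IAM role ARN: {role_arn!r}")
    if not prov_m or prov_m.group(2) != "saml-provider":
        raise ValueError(f"second ARN is not a saml-provider ARN: {provider_arn!r}")
    if role_m.group(1) != prov_m.group(1):
        # A role from one account paired with a provider from another is a misconfiguration.
        raise ValueError("role and SAML provider ARNs must reference the same account")
    return RoleAttribute(account=role_m.group(1), role_arn=role_arn, provider_arn=provider_arn)


def is_valid_role_attribute(value: str) -> bool:
    """True when the value is well-formed for the AWS Role attribute, False otherwise."""
    try:
        parse_role_attribute(value)
        return True
    except ValueError:
        return False
```

Run the check over the directory attribute values of every user who will be mapped, so a malformed or cross-account value surfaces during setup rather than at the first failed AWS sign-in.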
3. To add an additional optional attribute, click Add new attribute.
   - In the Application Attribute field, enter the attribute name as it appears in the application.
   - In the Identity Bridge Attribute or Literal Value field, choose one of the following:
     - Enter or select a directory attribute to map to the application attribute.
     - Select As Literal, then enter a literal value to assign to the application attribute.

4. To create advanced attribute mappings, click Advanced. For more information, see Create advanced attribute mappings.

Next steps

Click Continue to Next Step.