Amazon Web Services Attribute Mapping - PingOne for Enterprise

Page created: 2 Dec 2020 |

Page updated: 3 May 2021

| 1 min read

Product PingOne for Enterprise Configuration User task IDaaS Deployment Method Product documentation Content Type Single Sign-on (SSO) Capability Administrator Audience Managed service provider

PingOne will automatically populate required SAML attributes.

For Amazon Web Services, the required attributes are:

SAML_SUBJECT
https://aws.amazon.com/SAML/Attributes/Role
If you selected Set Up Provisioning, UserName (provisioning)

For SAML_SUBJECT:
1. In the Identity Bridge Attribute or Literal Value field, enter or select Username.
2. Click Advanced.
3. In the Name ID Format to send to SP field, enter or select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
4. Click Save
For https://aws.amazon.com/SAML/Attributes/Role
1. In the Identity Bridge Attribute or Literal Value field, select the attribute that matches Role.
2. Click Advanced.
3. In the NameFormat field, select urn:oasis:names:tc:SAML:2.0:attrname-format:uri.
4. Click Save
The expected format for this attribute is
```
arn:aws:iam::<account-number>:role/<role-name>,arn:aws:iam::<account-number>:saml-provider/<provider-name>
```
To add an additional optional attribute, click Add new attribute.
In the Application Attribute field, enter the attribute name as it appears in the application.
In the Identity Bridge Attribute or Literal Value field, choose one of the following:
- Enter or select a directory attribute to map to the application attribute.
- Select As Literal, then enter a literal value to assign to the application attribute.
To create advanced attribute mappings, click Advanced.
For more information, see Create advanced attribute mappings.

Click Continue to Next Step.