Page created: 22 Oct 2019 | Page updated: 25 Jul 2022
You can configure AWS Identity and Access Management (IAM) and AWS IAM Identity Center session tag support for SAML connections in PingFederate.
- If you want to use OGNL expressions to populate the values of the AWS session tags, see Enable and disable expressions in the PingFederate documentation.
- Create an Amazon Web Services (AWS) console account and policy that uses session tags. For help, see AWS prerequisites in the PingAccess documentation.
- Open your service provider (SP) connection. Go to .
Extend the contract of the AWS SP connection.
- If you are using AWS IAM, include the AWS Principal Tags and TransitiveTagKeys, based on the following examples:
- If you are using AWS SSO, include the access control tags based on the following format:
- Go to .
Configure the attribute contract fulfillment for the AWS attributes.
Example 1: This example shows AWS IAM Identity Center attributes mapped directly from an HTML Form Adapter instance.
Example 2: This example shows AWS IAM attributes mapped from a data source and manipulated by the OGNL expression language available in PingFederate.
- Click Save.
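
The following check is an added example, not part of the PingFederate or AWS documentation: it lints the SAML AttributeStatement produced by the extended contract before you rely on the tags in AWS policies. It assumes the AWS attribute names `https://aws.amazon.com/SAML/Attributes/PrincipalTag:<key>`, `.../TransitiveTagKeys` and `.../AccessControl:<key>`; the function name, tag keys and sample statement are constructed, and applying the STS session tag limits to AccessControl attributes is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS = "https://aws.amazon.com/SAML/Attributes/"
MAX_TAGS, MAX_KEY, MAX_VALUE = 50, 128, 256  # AWS STS session tag limits

# Constructed sample: an AttributeStatement an AWS SP connection might emit.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{NS['saml']}">
  <saml:Attribute Name="{AWS}PrincipalTag:Project">
    <saml:AttributeValue>Automation</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{AWS}PrincipalTag:CostCenter">
    <saml:AttributeValue>{'9' * 300}</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{AWS}TransitiveTagKeys">
    <saml:AttributeValue>Project</saml:AttributeValue>
    <saml:AttributeValue>Department</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{AWS}AccessControl:Team">
    <saml:AttributeValue>Platform</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def check_session_tags(statement_xml):
    """Return (tags, transitive_keys, findings) for one AttributeStatement."""
    tags, transitive, findings = {}, [], []
    for attr in ET.fromstring(statement_xml).findall("saml:Attribute", NS):
        name = attr.get("Name", "")
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        if name == AWS + "TransitiveTagKeys":
            transitive.extend(values)
            continue
        for prefix in ("PrincipalTag:", "AccessControl:"):
            if name.startswith(AWS + prefix):
                key = name[len(AWS + prefix):]
                if len(key) > MAX_KEY:
                    findings.append(f"{prefix}{key[:20]}: key over {MAX_KEY} chars")
                if any(len(v) > MAX_VALUE for v in values):
                    findings.append(f"{prefix}{key}: value over {MAX_VALUE} chars")
                tags[prefix + key] = values
    if len(tags) > MAX_TAGS:
        findings.append(f"{len(tags)} tags exceed the limit of {MAX_TAGS}")
    # A transitive key with no matching PrincipalTag points to a mapping mistake.
    sent = {k.split(":", 1)[1].lower() for k in tags if k.startswith("PrincipalTag:")}
    for key in transitive:
        if key.lower() not in sent:
            findings.append(f"TransitiveTagKeys: '{key}' has no PrincipalTag")
    return tags, transitive, findings


if __name__ == "__main__":
    for finding in check_session_tags(SAMPLE)[2]:
        print("FINDING:", finding)
```

Feed it the AttributeStatement from a test sign-on captured on your side of the connection; an empty findings list means every transitive key is backed by a tag the connection actually sends.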