SAML integration with WorkSpaces requires "IdP must support unsolicited IdP-initiated SSO with a deep link target resource or relay state endpoint URL" https://docs.aws.amazon.com/workspaces/latest/adminguide/setting-up-saml.html#setting-up-saml-requirements:~:text=unsolicited%20IdP%2Dinitiated%20SSO%20with%20a%20deep%20link%20target%20resource%20or%20relay%20state%20endpoint%20URL
Ensure that Google G Suite supports this "deep linking" feature (modifying the relay state URL for each session). From the doc, you will find that the certified IdPs are "ADFS, Azure AD, Duo Single Sign-On, Okta, PingFederate, and PingOne".
Response from AWS support team.
""" From case notes I understand that you are trying to set up the Google SSO for AWS workspace access and I do understand that you are currently using Google Single Sign-On (SSO) to access the AWS Management Console.
I would like to inform you that to use SAML 2.0 authentication with WorkSpaces, the identity provider (IdP) must support IdP-initiated deep linking for the relay state URL.
At this time, we are aware that Google Workspace does not support this capability and cannot be used with Amazon WorkSpaces SAML 2.0 integration.
The article below mentions a list of identity providers that do support IdP-initiated deep linking:
https://docs.aws.amazon.com/workspaces/latest/adminguide/setting-up-saml.html#
I hope this information proves useful. Please feel free to reach out if you have any further questions or concerns. """