Unfortunately, there is currently no direct solution available for enabling AWS Client VPN access on mobile devices (Android and iOS) using SAML-based federated authentication, such as Microsoft Entra ID (formerly Azure Active Directory).
The limitation you've encountered is correct. When a Client VPN endpoint is configured to use SAML-based federated authentication, the OpenVPN-based VPN client applications typically used on mobile devices cannot be used to connect to the Client VPN endpoint. This is because these apps do not support the "auth-federate" keyword or the SAML authentication flow.
AWS Client VPN with SAML authentication requires the use of the AWS-provided client, which is currently only available for Windows, macOS, and Linux. This client handles the SAML authentication process, including opening a browser window for user login and managing the SAML assertion exchange.
For mobile devices, there is no official AWS-provided client that supports this authentication method. The authentication workflow for SAML-based federated authentication involves steps that are not compatible with standard OpenVPN clients, such as opening a browser for IdP authentication and handling SAML assertions.
As of now, there is no publicly announced solution or development in progress to enable VPN access for mobile devices using SAML authentication with AWS Client VPN. If mobile access is crucial for your use case, you may need to consider alternative VPN solutions that support SAML authentication on mobile devices or explore other remote access options that are compatible with your authentication requirements and mobile platforms.
For the most up-to-date information on feature developments, it's recommended to keep an eye on AWS announcements or reach out to AWS support for any potential roadmap information regarding mobile support for SAML-authenticated Client VPN connections.
Sources
AWS Client VPN connections on Android and iOS applications - AWS Client VPN
Single sign-on — SAML 2.0-based federated authentication — in Client VPN - AWS Client VPN
Enable SAML for AWS Client VPN - AWS Client VPN
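To see which exported Client VPN profiles are affected by the limitation described in the answer above, the following added example (not part of the answer and not AWS code) classifies an OpenVPN profile by its authentication directives and flags those that carry `auth-federate`. The sample profiles, hostnames and the classification labels are constructed for illustration.

```python
import re

# Constructed sample profiles; hostnames are placeholders, not real endpoints.
SAML_PROFILE = """client
dev tun
remote cvpn-endpoint-example.invalid 443
auth-federate
"""
MUTUAL_PROFILE = """client
dev tun
remote cvpn-endpoint-example.invalid 443
; auth-federate   (commented out, must be ignored)
<cert>
(constructed placeholder)
</cert>
<key>
(constructed placeholder)
</key>
"""

def directives(text):
    """Return directive names, skipping comments and the bodies of inline <tag> blocks."""
    found, inside = set(), None
    for line in map(str.strip, text.splitlines()):
        if inside:  # inside an inline block: only look for its closing tag
            inside = None if line == f"</{inside}>" else inside
            continue
        if not line or line[0] in "#;":  # OpenVPN comment markers
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inside = tag.group(1)
        found.add(line.split()[0].lower())
    return found

def classify(text):
    """Label a profile by authentication style (labels are this example's own)."""
    d = directives(text)
    if "auth-federate" in d:
        return "saml-federated"
    if "auth-user-pass" in d:
        return "user-pass"
    if d & {"cert", "<cert>"} and d & {"key", "<key>"}:
        return "mutual-cert"
    return "unknown"

def needs_aws_provided_client(text):
    """True when the profile relies on the SAML flow that standard OpenVPN apps lack."""
    return classify(text) == "saml-federated"
```
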