2024-09-02 09:29:06 +02:00

---
title: SAML AWS SSO
slug: /security/saml/aws
collate: true
---

# SAML AWS SSO

Follow the sections in this guide to set up AWS SSO using SAML.
							
{% note %}

Security requirements for your **production** environment:
- **DELETE** the default admin account shipped by OM.
- **UPDATE** the Private / Public keys used for the [JWT Tokens](/deployment/security/enable-jwt-tokens) if JWT tokens are enabled.

{% /note %}
							
## Create OpenMetadata application

### Step 1: Configure a new Application in AWS Console
							
- Log in to the [AWS Console](https://aws.amazon.com/console/) as an administrator and search for IAM Identity Center.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-1.png" alt="IAM-Identity-Center" /%}
							
- Click on `Choose your identity source` and configure it according to your security requirements.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-2.png" alt="identity-source" /%}
							
- After the identity source is set up successfully, go to step 2, click on `Manage Access to application`, and add all the users who need access to the application.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-3.png" alt="manage-access" /%}
							
- Click on `Set up Identity Center enabled applications`, click `Add application`, and select `Add custom SAML 2.0 application`.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-4.png" alt="saml-application" /%}
							
- Set Display Name to `OpenMetadata`, then download the metadata XML file and save it somewhere safe; it is needed to set up the OM Server.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-5.png" alt="metadata-xml" /%}
							
- Click on `Manage assignments to your cloud applications` and select `OpenMetadata` from the list of applications.

- Click on `Actions` and select `Edit Configurations` from the list. Populate the values shown, replacing `localhost:8585` with your `{domain}:{port}`, and submit.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-6.png" alt="edit-configuration" /%}
							
- Click on `Actions` again and select `Edit Attribute Mapping` from the list. Populate the values as shown below and submit.

{% image src="/images/v1.9/deployment/security/saml/aws/saml-aws-7.png" alt="edit-attribute" /%}

Send the Collate team the above information to configure the server.