
Setting up SAML with AWS

Connect Whistleblower Software to AWS IAM Identity Center using SAML

Before you start

  • In AWS, you must have an account that is a member of an AWS Organization with permissions to manage applications in IAM Identity Center.

  • In Whistleblower Software, you must have either the Administrator or System Technician role to access Settings > Security.

  • SAML is available on the Advanced plan only.

Before users can sign in, make sure the following are in place or login will fail: signed responses or assertions must be enabled in your identity provider, and the Name ID must be mapped to the user's email address.


Steps

Step 1: Open AWS IAM Identity Center applications

Step 2: Add a custom SAML app

Click Add a new application, then select Add custom SAML app.

Step 3: Name the application

Give it a name such as "Whistleblower Software".

Step 4: Download the AWS SSO metadata file

In the AWS interface, download the AWS SSO metadata file. You will upload this into Whistleblower Software shortly.

Step 5: Upload the AWS metadata file into Whistleblower Software

Go to Settings > Security in Whistleblower Software. Enable Login with SAML. Under Identity provider metadata file, upload the metadata file you downloaded from AWS.

Step 6: Download the Whistleblower Software metadata file

Still in Settings > Security, click Download next to Service provider metadata file to download the Whistleblower Software metadata file.

Step 7: Upload the Whistleblower Software metadata file into AWS

Back in the AWS interface, upload the metadata file you just downloaded from Whistleblower Software.

Step 8: Configure attribute mapping

Under Attribute mapping in AWS, add the following configuration:

  • Subject mapped to ${user:email}

  • first_name mapped to ${user:givenName}

  • last_name mapped to ${user:familyName}

  • email mapped to ${user:email}

Step 9: Save and assign users

Click Save changes. Then assign permissions to the users who need access to the application.
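
After a test login, a captured SAML response can be checked offline against the prerequisites above (signed response or assertion, Name ID set to the email) and the Step 8 attribute mapping. The script below is an added example, not code from Whistleblower Software or AWS; it only checks that a signature element is present and does not validate it. It assumes the Step 8 names appear verbatim as SAML Attribute names, and the sample response is constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_ATTRS = ("first_name", "last_name", "email")  # names from Step 8
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_saml_response(xml_text):
    """Return a list of problems (empty = structure looks right). Run only on your own captures."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (encrypted assertions are not handled here)"]
    problems = []
    # Presence check only: a Signature directly under the Response or the Assertion.
    signed = [el for el in (root, assertion) if el.find("ds:Signature", NS) is not None]
    if not signed:
        problems.append("neither the Response nor the Assertion is signed")
    name_id = assertion.findtext("a:Subject/a:NameID", default="", namespaces=NS).strip()
    if not EMAIL_RE.match(name_id):
        problems.append(f"NameID {name_id!r} is not an email address")
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", default="", namespaces=NS).strip()
             for a in assertion.findall("a:AttributeStatement/a:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute {name!r} is missing or empty")
    # Subject and email are both mapped to ${user:email}, so they should agree.
    if attrs.get("email") and attrs["email"].lower() != name_id.lower():
        problems.append("email attribute does not match NameID")
    return problems

# Constructed sample, trimmed to the elements the checks read (not a real capture).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <a:Assertion>{signature}
    <a:Subject><a:NameID>{name_id}</a:NameID></a:Subject>
    <a:AttributeStatement>
      <a:Attribute Name="first_name"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
      <a:Attribute Name="last_name"><a:AttributeValue>Example</a:AttributeValue></a:Attribute>
      <a:Attribute Name="email"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
    </a:AttributeStatement>
  </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    print(check_saml_response(SAMPLE.format(signature="", name_id="ada@example.com")))
```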


We’re here to support you. If you have questions, reach out to us directly via the Messenger icon in the bottom right corner of your screen, or send us an email at [email protected]
