AWS IAM Identity Center SAML integration guide
This guide shows how to configure AWS IAM Identity Center as a SAML single sign-on identity provider (IdP) for your Redis Cloud account.
To learn more about Redis Cloud support for SAML, see SAML single sign-on.
Step 1: Set up your identity provider (IdP)
Create the AWS IAM Identity Center SAML application
Sign in to your AWS account.
From the main menu, search for IAM Identity Center (successor to AWS Single Sign-On).
Once in IAM Identity Center, select Applications.
Next, select Add application.
In the next screen, select Add custom SAML 2.0 application, then select Next.
The Configure Application screen is where you initially get the information needed to configure SAML in Redis Cloud. To begin, change the Display name and Description to Redis Cloud.
Next, scroll to the IAM Identity Center metadata section. Here, you will find all of the information needed to configure SAML in Redis Cloud:
- IAM Identity Center sign-in URL
- IAM Identity Center SAML issuer URL
- IAM Identity Center Certificate
Note down or copy the URLs and select Download to download the certificate.
Step 2: Configure SAML support in Redis Cloud
Now that you have your IAM Identity Center IdP server information, configure support for SAML in Redis Cloud.
Log in to your Redis Cloud account
Log in to your account at the Redis Cloud console.
Activate SAML in Access Management
To activate SAML, you must have a local user (or social sign-on user) with the owner role. If you have the correct permissions, you will see the Single Sign-On tab.
Add the information you saved previously in the Configuration setup screen. This includes:
- Issuer (IdP Entity ID): IAM Identity Center SAML issuer URL.
- IdP server URL: IAM Identity Center sign-in URL.
- Assertion signing certificate: Drag and drop the certificate file you downloaded into the form text area.
Select Enable and wait a few seconds for the status to change.
Select Download to get the service provider (SP) metadata. Save the file to your local hard disk.
Open the file in any text editor. Save the following text from the metadata:
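The SP metadata file downloaded from the console is standard SAML 2.0 metadata XML. The following script is an added example, not part of the Redis Cloud guide, that pulls the values an administrator normally copies out of such a file (entity ID, HTTP-POST assertion consumer service URL, signing certificate) and refuses files that are not service-provider metadata or that point at a non-HTTPS ACS URL. The embedded XML is a constructed sample with placeholder values; the entity ID, ACS URL and certificate in your real file will differ.

```python
"""Extract the SAML SP metadata fields an admin copies into the IdP.

Added example (not from the Redis Cloud docs). The sample document below is
constructed in the standard SAML 2.0 metadata shape with placeholder values.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata; not a real tenant's file.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/EXAMPLE_ID">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC...PLACEHOLDER...==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs/EXAMPLE_ID" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text):
    """Return the SP values the IdP side needs, or raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        # IdP metadata carries an IDPSSODescriptor instead; uploading that
        # to the IdP would be the wrong file.
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")

    # Prefer the HTTP-POST ACS endpoint, the binding used for SAML Responses.
    post_acs = [
        acs.get("Location")
        for acs in sp.findall("md:AssertionConsumerService", NS)
        if (acs.get("Binding") or "").endswith(":HTTP-POST")
    ]
    if not post_acs:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    acs_url = post_acs[0]
    if not acs_url.startswith("https://"):
        raise ValueError("ACS URL must use https, got %r" % acs_url)

    certs = [
        c.text.strip()
        for c in sp.findall(".//ds:X509Certificate", NS)
        if c.text and c.text.strip()
    ]
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs_url,
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "nameid_formats": [n.text for n in sp.findall("md:NameIDFormat", NS)],
        "signing_certs": certs,
    }


if __name__ == "__main__":
    for key, value in parse_sp_metadata(SAMPLE_SP_METADATA).items():
        print("%-24s %s" % (key, value))
```

Run it against your own download by replacing SAMPLE_SP_METADATA with the file's contents; the file comes from your own console session, so the standard-library parser is adequate here, and the HTTPS check catches a metadata file that was generated for the wrong environment before it is uploaded to the IdP.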
Step 3: Finish SAML configuration in AWS IAM Identity Center’s Redis Cloud Application
Return to the Configuration setup screen in IAM Identity Center. Scroll down to the bottom of the page and select Upload application SAML metadata file. Select Upload and choose the file that you downloaded in the SAML configuration screen in Redis Cloud.
If you would like to also configure an IdP-initiated workflow, fill in the relay state field in the Application properties section. Use this URL:
https://app.redislabs.com/#/login/?idpId=XXXXXX. Take the ID from the location URL in step 3 (the content after the last forward slash "/") and append it to the URL in place of XXXXXX.
Select Submit to finish creating the application.
Configure the Redis Cloud application’s attribute mappings. Select Actions > Edit Attribute Mappings.
In the next screen, add these attributes:
The redisAccountMapping key-value pair consists of the lowercase role name (owner, member, manager, or viewer) and your Redis Cloud Account ID, found in the account settings.
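Two of the values typed in this step are easy to get subtly wrong: the relay state URL (the ID after the last slash must be copied exactly) and the redisAccountMapping value (the role must be one of the four lowercase names). The helpers below are an added example, not part of the Redis Cloud guide. The relay state base URL and the four role names come from the guide; the idpId, the account ID, and the `<account-id>=<role>` layout of the mapping value are assumptions made for illustration, since the guide does not show the separator.

```python
"""Sanity checks for the relay state URL and redisAccountMapping value.

Added example, not from the Redis Cloud docs. Sample IDs are constructed,
and the '<account-id>=<role>' value layout is assumed for illustration.
"""
import re
from urllib.parse import urlsplit

# Base URL given in the guide; the idpId is appended to it.
RELAY_STATE_BASE = "https://app.redislabs.com/#/login/?idpId="
# Lowercase role names listed in the guide.
REDIS_ROLES = frozenset({"owner", "member", "manager", "viewer"})


def idp_id_from_location(location_url):
    """Return the path segment after the last '/', as the guide describes."""
    path = urlsplit(location_url).path
    idp_id = path.rsplit("/", 1)[-1]
    if not idp_id:
        raise ValueError("no ID segment after the last '/' in %r" % location_url)
    return idp_id


def relay_state_url(location_url):
    """Build the IdP-initiated relay state URL for the given location URL."""
    return RELAY_STATE_BASE + idp_id_from_location(location_url)


def check_account_mapping(value):
    """Validate one redisAccountMapping value and return (account_id, role).

    Assumed layout: '<account-id>=<role>' with a numeric account ID. A value
    such as '123456=Owner' is rejected because the guide requires the
    lowercase role name.
    """
    if value.count("=") != 1:
        raise ValueError("expected exactly one '=' in %r" % value)
    account_id, role = (part.strip() for part in value.split("="))
    if not re.fullmatch(r"[0-9]+", account_id):
        raise ValueError("account ID must be numeric, got %r" % account_id)
    if role not in REDIS_ROLES:
        raise ValueError("role must be one of %s, got %r" % (sorted(REDIS_ROLES), role))
    return account_id, role


def mapping_problem(value):
    """Return None if the value is acceptable, else the reason it is not."""
    try:
        check_account_mapping(value)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample values; replace with the ones from your own console.
    print(relay_state_url("https://sp.example.invalid/saml/acs/abc123"))
    print(check_account_mapping("123456=owner"))
    print(mapping_problem("123456=Owner"))
```

Checking the mapping value before saving it matters because the attribute is what ties the SAML user to an account and role; a rejected or mis-cased value leaves the user unable to log in after the local account is converted to a SAML user in step 5.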
Step 4: Ensure that the Cloud account user has an IAM Identity Center user account
To complete SAML setup, ensure that the user who began SAML configuration in the Redis Cloud console has a user defined in AWS IAM Identity Center. This user account is required to complete the SAML setup.
Also, make sure that the user has been assigned to the Redis Cloud Application.
Step 5: Activate SAML integration
The final step in our SAML integration with AWS IAM Identity Center is to activate the SAML integration.
A logout notification screen displays, letting you know that you will be redirected to the AWS IAM Identity Center login screen.
Enter your AWS IAM Identity Center credentials.
If everything is configured correctly, you should get a SAML activation succeeded message. From this point forward, users need to click SSO to log in to the Redis Cloud console.
A message displays, stating that your local user is now converted to a SAML user. Select Confirm.
You have successfully configured AWS IAM Identity Center as an identity provider.