Amazon (AWS) SAML

Tags: Flow on-prem

Important: These instructions apply only to Flow on-premises.


Below is a step-by-step guide for connecting your AWS account to Flow with SSO. Here is a list of all other SSO hosts we support. 

Configuring Your Amazon SSO Integration

Step 1: Go to your AWS organization account and search for “AWS Single Sign-On (SSO)”. Make sure that you have AWS SSO enabled. If you do not, take the steps to enable it.

Step 2: Once you are authorized for SSO, go to the Single Sign-On Page that looks like this:

Step 3: Select Applications.

Step 4: Select Add a new application.

Step 5: Select the option Custom SAML 2.0 application and click Add.

Step 6: Scroll to the AWS SSO metadata section of the page. Click Download to download the SSO SAML metadata file. The file will be saved to your computer; you will need this metadata to add to the Flow app.

Step 7: Copy this information to your clipboard. 

Step 8: In another tab, open your Flow app. Starting on your Flow Home page, go to the left navigation bar. At the bottom, go to Settings > SSO.

Step 9: Select New SAML Integration.

Step 10: In the Configure SAML integration modal, fill out these four fields: 

  1. Paste the metadata you just copied from the AWS SSO SAML metadata file.

  2. Login URL - This is the entity ID, which also doubles as your login URL. You can use your company name, or a division or team of the company, in this field, whichever is most relevant.

  3. Embed Link is optional and should only be used if the main Entity ID does not work directly.

  4. Role Key - User roles will be mapped from the attribute value assertion via this key.

  5. Check this box if you want Flow to manage your user’s role. New users will be given a default role upon logging in.

  6. Merge New Users on Email - Check this box if you already have Users invited into your Flow account using non-SSO logins. This will automatically delete the previous logins and force all existing Users to login via your SSO platform.

  7. Fill in this field like it is shown: 'FirstName' 'LastName' 

  8. Fill in this field like it is shown: 'Email' - both of these fields are attributes that are mapped within AWS and correspond.

Step 11: After you have filled this out, click Save. You will be returned to this page, where you will see your URL. Copy this URL to your clipboard; you will need to add it to the AWS account.

Step 12: Go back to your AWS webpage, scroll to the bottom where it says Application metadata, and click “If you don't have a metadata file, you can manually type your metadata values.”

Step 13: Fill out these fields: 

1. Application ACS URL*: Use the copied URL link from the Flow App in Step 12. 

2. Application SAML audience*: This identifies the audience (service providers) for whom this assertion is intended. Most of the time this is just the name of your organization. It can be anything, but make it something that your end users can identify.

3. Application start URL: Paste the same URL link as you did in the first box.

Step 14: Click Save changes.

Step 15: If you were successful your configuration will have been saved and you will see the following message: 

Step 16: Next go to the Attribute mappings tab. 

Step 17: Click Add new attribute mapping fields three times to add three new attribute fields.

This is what your screen should look like:

Step 18: Fill out these attributes; they are case sensitive. Subject will be auto-populated; in the value section just add 'test' as a filler.

1. Subject - test - unspecified

2. email - Email - unspecified

3. familyName - LastName - unspecified

4. givenName - FirstName - unspecified

Step 19: Click Save changes.

Step 20: You will get a confirmation that these have been added.

Step 21: The final step is to connect with the directory you have set up in AWS. Go to the Assigned Users tab and click connect your directory.

Step 22: You have successfully added your custom SAML application!
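Because the attribute names in Steps 10 and 18 are case sensitive and the audience from Step 13 must match, a quick check of a decoded assertion from a test login can save a failed first sign-in. The following is an added example, not Flow's or AWS's own code; `check_assertion`, the sample assertion, and the `example-org` audience are constructed for illustration, and it assumes Flow looks up exactly the names entered in Step 10.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Flow looks up exactly the names entered in Step 10 (case sensitive).
REQUIRED = ("Email", "FirstName", "LastName")

# Constructed sample assertion: "Firstname" is mis-cased, LastName is empty.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>example-org</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="Email">
   <saml:AttributeValue>a.user@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Firstname">
   <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName">
   <saml:AttributeValue></saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, expected_audience, required=REQUIRED):
    """Return a list of problems; an empty list means names and audience line up.
    Diagnostic only: no signature verification, so never use it as an auth check.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    by_lower = {name.lower(): name for name in attrs}
    problems = []
    for name in required:
        if name in attrs:
            if not any(v.strip() for v in attrs[name]):
                problems.append(f"{name}: present but empty")
        elif name.lower() in by_lower:
            problems.append(f"{name}: sent as {by_lower[name.lower()]!r} (case mismatch)")
        else:
            problems.append(f"{name}: missing")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience: expected {expected_audience!r}, got {audiences}")
    return problems

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, "example-org"):
        print(problem)
```

Pass the audience value you entered in Step 13 as `expected_audience`; if you configured a Role Key in Step 10, add it to `required` so a missing role attribute is reported too.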


If you need help, please email for 24/7 assistance.