AWS SSO Setup In Next Gen

This article walks through the steps to set up AWS SSO with your Harness Next Gen account:

Steps:

1.) We need to create a new application in AWS SSO, also known as IAM Identity Center.
2.) Go to AWS IAM Identity Center.
3.) Click on Applications and add a new application.
4.) Add a custom SAML 2.0 application.

5.) On this screen, download the metadata and save it locally, then, at the bottom, click:

6.) For ‘Application ACS URL’, provide the URL shown in the Harness UI when setting up the SAML provider (Setup -> Authentication Settings -> Add SSO Provider):

7.) For the ‘SAML Audience’, enter:

Next come the changes we need to make to the metadata XML.

The current Harness SAML implementation expects the host that the SAML response originates from to match the host in the SingleSignOnService URL of the metadata provided to Harness. In the case of AWS, the SAML response originates from the ‘user portal’ address, not from the host contained in the default metadata export AWS provides, for example:

To work around this, log in to the AWS console and go to AWS SSO -> Settings, where you should see the user portal section:

Copy this URL, open the metadata in a text editor, and update the two SingleSignOnService URLs with the user portal address (including /start), as such:

Now upload this metadata to Harness.
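The metadata edit described above, as an added example that is not part of this article or of Harness's own code: it parses a constructed IdP metadata document (the hosts `idp.example.invalid` and `portal.example.invalid` are placeholders, not real AWS endpoints), rewrites both SingleSignOnService Location values to the user portal URL, and applies the same host-match rule the text describes so you can confirm, before uploading, that a response from the user portal host would be accepted. The `response_origin_accepted` check is a model of the rule stated in the text, not Harness's actual validation code.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Keep the md: prefix when re-serializing instead of ElementTree's default ns0:.
ET.register_namespace("md", MD_NS)

# Constructed sample shaped like a default IdP metadata export.
# The entityID/Location hosts are placeholders, not real AWS SSO values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/saml/assertion/PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.invalid/saml/assertion/PLACEHOLDER"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/saml/assertion/PLACEHOLDER"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def sso_locations(metadata_xml):
    """Return the Location attribute of every SingleSignOnService element."""
    root = ET.fromstring(metadata_xml)
    return [e.get("Location") for e in root.iter(f"{{{MD_NS}}}SingleSignOnService")]


def rewrite_sso_locations(metadata_xml, user_portal_url):
    """Point every SingleSignOnService Location at the user portal URL.

    The article requires the portal address to include /start, so a URL
    without that path is rejected rather than silently written out.
    """
    if not urlparse(user_portal_url).path.endswith("/start"):
        raise ValueError("user portal URL must include the /start path")
    root = ET.fromstring(metadata_xml)
    rewritten = 0
    for service in root.iter(f"{{{MD_NS}}}SingleSignOnService"):
        service.set("Location", user_portal_url)
        rewritten += 1
    if rewritten == 0:
        raise ValueError("no SingleSignOnService elements found in metadata")
    return ET.tostring(root, encoding="unicode")


def response_origin_accepted(metadata_xml, response_origin_url):
    """Model of the host-match rule: the host the SAML response comes from must
    equal the host of a SingleSignOnService URL in the uploaded metadata."""
    origin_host = urlparse(response_origin_url).hostname
    return any(
        urlparse(loc).hostname == origin_host for loc in sso_locations(metadata_xml)
    )


if __name__ == "__main__":
    portal = "https://portal.example.invalid/start"  # constructed placeholder
    print("before:", response_origin_accepted(SAMPLE_METADATA, portal))
    fixed = rewrite_sso_locations(SAMPLE_METADATA, portal)
    print("after:", response_origin_accepted(fixed, portal))
    print(fixed)
```

Run it against your own downloaded metadata by reading the file into `rewrite_sso_locations` with the user portal URL copied from the AWS SSO settings page, then write the returned string out and upload that file. Checking `response_origin_accepted` on the result before uploading catches the common mistake of pasting the portal URL with a typo in the host.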

You also need to update the attribute mapping:

Now you can test the SAML setup, then enable it and start using Harness controlled by AWS SSO.