Using Amazon Web Services Single Sign-On as your identity provider

Prerequisites

  • To connect BigAnimal to Amazon Web Services Single Sign-On (AWS SSO), your AWS account must have administrator access.

  • A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact cloudcare@enterprisedb.com if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact Support.

Set up BigAnimal with AWS SSO

  1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com.

  2. You will be copying and pasting between BigAnimal and AWS so in a separate browser tab or window log into your AWS account and go to the AWS SSO console.

  3. Choose Enable AWS SSO if SSO isn't already enabled on your account.

    Note

    You may need to switch to a region where SSO is enabled. AWS Organizations support SSO in only one region at a time.

  4. Navigate to the Applications page by either selecting Applications from the left navigation pane or selecting the link in step 3 on the Welcome to AWS Single Sign-On page.

  5. On the Applications page, select Add a new application. On the Add New Application page:

    1. Select Add a custom SAML 2.0 application.

    2. Name the application in the Display Name field. The application will be visible to your users under this name.

  6. At the bottom of the page under Application metadata, select the link "If you don't have a metadata file...".

    1. Open the Set Up Identity Provider page in BigAnimal.

    2. Copy the following information from BigAnimal and paste it into the Application metadata section.

      Copy from BigAnimalPaste into Application Metadata
      Assertion Consumer Service URLApplciation ACS URL
      Audience URIApplication SAML audience
  7. Select Save changes at the bottom of the AWS page.

  8. Go to your newly-created application (appearing under its display name) and select the Attribute mappings tab.

  9. Enter your desired attribute configuration. We reccomend the following:

    User attribute in the applicationMaps to this string value or user attribute in AWS SSOFormat
    Subject${user:email}emailAddress
    <assertion_path>/givenname${user:givenName}basic
    <assertion_path>/surname${user:familyName}basic
    <assertion_path>/name${user:preferredUsername}basic
    <assertion_path>/emailaddress${user:email}basic

    Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

  10. Go to the Assigned users tab and select the Assign users button to allow users access to the application.

  11. Go to the Configuration tab and scroll down to the AWS SSO metadata section.

    1. Copy the AWS SSO sign-in URL.

    2. Select Download certificate to install the AWS SSO certificate.

  12. On the Setup Identity Provider page in BigAnimal, select the Setup Config tab.

    1. Paste the AWS SSO sign in URL into the Single Sign-On URL field.

    2. Select Choose File and choose the AWS SSO certificate from your files.

    3. Select HTTP-POST for the Request Binding.

    4. Enter a Response Signature Algorithm. We reccomend rsa-sha256.

    5. Select Test Connection.

    6. Enter the AWS user credentials that you granted access.

    7. If the Test Connections is successful, then select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.