AWS AppStream Single Sign On (SSO)
miniOrange provides a ready-to-use solution for AWS AppStream. This solution lets you roll out secure access to AWS AppStream to your employees within minutes.


miniOrange provides secure access to AWS AppStream for enterprises and full control over access to AWS applications. Users sign in to their AWS AppStream account through Single Sign On (SSO) with one set of login credentials.

Follow the step-by-step guide given below for AWS AppStream Single Sign On (SSO).

Step 1: Configure AWS AppStream in miniOrange

  1. Log in to the miniOrange Admin Console.
  2. Go to Apps >> Manage Apps. Click the Configure Apps button.
  3. Click on the SAML tab. Select the AWS AppStream app.
  4. Get the SP Entity ID or Issuer from the metadata (https://signin.aws.amazon.com/static/saml-metadata.xml). You will find the value in the first line, in the entityID attribute. It is set to urn:amazon:webservices but may vary for non-US regions.
  5. Make sure the ACS URL is https://signin.aws.amazon.com/saml. This might vary for non-US regions, in which case you will find it in the metadata (https://signin.aws.amazon.com/static/saml-metadata.xml) as the Location attribute of AssertionConsumerService.
  6. Click on Show Advanced Settings. Against Relay State, select Custom Attribute Value and enter https://console.aws.amazon.com.
  7. Enable Override RelayState.
  8. You can set another value for the relay state depending on where you want to redirect the user after SSO.
  9. Go to Add Policy and select DEFAULT from the Group Name dropdown.
  10. Enter AWS AppStream in the Policy Name field.
  11. Select PASSWORD from the First Factor Type dropdown.
  12. Click the Save button to configure AWS AppStream.
  13. Once the app is added, click on the Metadata link, download the metadata file, and keep it; you will need it later.

Step 2: Setting SAML in AWS AppStream


Step 3: Configure Provider in AWS AppStream

Step 5: Onboard users into our system

  1. Click on Users >> Add User.
  2. Fill in the user details without the password and then click the Create User button.
  3. Click on the On Boarding Status tab. Check the email with the registered e-mail ID, select the action Send Activation Mail with Password Reset Link from the Select Action dropdown list, and then click the Apply button.
  4. Now open your email. Open the mail you received from miniOrange and click on the link to set your account password.
  5. On the next screen, enter the password and confirm password, and then click the Reset Password button.
  6. Now you can log in to your miniOrange account by entering your credentials.

Step 6: Login to AWS AppStream using miniOrange


For Further Details:

https://docs.aws.amazon.com/appstream2/latest/developerguide/external-identity-providers.html
https://docs.aws.amazon.com/appstream2/latest/developerguide/external-identity-providers-further-info.html