
AWS

Use these instructions to set up AWS as your SSO provider for Tonic.

AWS configuration

You complete the following configuration steps within AWS SSO (now called IAM Identity Center).

Create the SAML application

In the Applications section, click Add a new application.
[Screenshot: Applications page in AWS SSO]
Next, on the Add New Application page, click Add a custom SAML 2.0 application.
[Screenshot: Add a custom SAML 2.0 application on the Add New Application page]
From IAM Identity Center metadata, copy the IAM Identity Center SAML metadata file URL. You will set this URL as the value of a Tonic environment variable.
[Screenshot: IAM Identity Center metadata]
Under Application properties, set Application start URL to your Tonic URL.
[Screenshot: Application properties for the SAML application]
Under Application metadata:
  1. Click Manually type your metadata values.
  2. Set Application ACS URL to your Tonic URL followed by /api/sso/samllogin. Use the exact scheme and host that users reach Tonic at; AWS posts the SAML response to this URL, and a mismatch breaks login.
  3. Set Application SAML audience to Tonic.
[Screenshot: Application metadata for the SAML application]
To create the application, click Submit.

Configure attribute mappings for Tonic

Next, you need to configure the attribute mappings that Tonic requires.
For your new Tonic application, click Actions, then select Edit attribute mappings.
[Screenshot: Actions menu for the Tonic application]
On the Attribute mappings tab, set up the following mappings:
  • Map Subject to ${user:subject}
  • Map GivenName to ${user:givenName}
  • Map Email to ${user:email}
  • Map FamilyName to ${user:familyName}
  • Map Groups to ${user:groups}
[Screenshot: Tonic attribute mappings]

Tonic configuration

Set the following Tonic environment variables:
  • TONIC_SSO_PROVIDER - Set to AWS
  • TONIC_SSO_IDENTITY_PROVIDER_ID - Set to the value of Identity store ID from the Settings page in AWS SSO.
[Screenshot: Getting the Identity store ID from AWS SSO]
  • TONIC_SSO_SAML_IDP_METADATA_XML_URL - Set to the IAM Identity Center SAML metadata file URL that you saved earlier.
  • TONIC_SSO_GROUP_FILTER_REGEX - Set to a regular expression that matches the names of the groups that you want Tonic to be aware of. For example, the expression .*Tonic.* matches every group whose name contains the string Tonic, including names such as NotTonicRelated. Keep the pattern as narrow as your naming convention allows (for example, a prefix pattern such as ^Tonic-.*) so that unrelated groups are not exposed to Tonic.
For information on how to set Tonic environment variables, see Setting environment variables.
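The following is an added example (not Tonic's or AWS's code) that ties the two halves of this page together: it checks that a document fetched from the metadata URL has the shape Tonic needs (entityID, a signing certificate, an HTTP-POST sign-on endpoint), reads the five mapped attributes out of an assertion while enforcing the Tonic audience, and applies a group filter regex so you can see how broad and narrow patterns differ. The metadata, assertion, portal URL and certificate are constructed placeholders, and the filter is assumed to use unanchored (search) regex semantics; Tonic's actual matching may differ.

```python
# Added example (not Tonic's or AWS's code). Sample metadata, assertion,
# region URL and certificate are constructed placeholders; the group filter
# is assumed to use unanchored (search) regex semantics.
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REQUIRED_ATTRIBUTES = ("GivenName", "Email", "FamilyName", "Groups")

# Constructed stand-in for what the IAM Identity Center metadata URL serves.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC-PLACEHOLDER-NOT-A-REAL-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/EXAMPLE"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed stand-in for the assertion AWS posts to <Tonic URL>/api/sso/samllogin
# once the attribute mappings are in place.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>Tonic</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="GivenName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FamilyName"><saml:AttributeValue>Liddell</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>Tonic-Admins</saml:AttributeValue>
      <saml:AttributeValue>Tonic-Users</saml:AttributeValue>
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>NotTonicRelated</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_idp_metadata(xml_text):
    """Pull the fields Tonic needs out of IdP metadata; raise ValueError if absent.

    Shape check only: signature and certificate validation happen in the SAML
    library at login time, not here."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        raise ValueError("entityID missing or not https")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata or not SAML metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # a missing 'use' covers signing too
            certs += [c.text.strip() for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
    if not certs:
        raise ValueError("no signing certificate: assertions could not be verified")
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == HTTP_POST]
    if not post:
        raise ValueError("no HTTP-POST SingleSignOnService endpoint")
    return {"entity_id": entity_id, "sso_url": post[0], "signing_certs": len(certs)}


def extract_user(assertion_xml, expected_audience="Tonic"):
    """Read the mapped attributes from an assertion, enforcing the audience
    (the 'Application SAML audience' setting) and the required mappings."""
    root = ET.fromstring(assertion_xml)
    audiences = [a.text for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError(f"audience {audiences} does not include {expected_audience!r}")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("missing Subject/NameID (the Subject mapping)")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    missing = [n for n in REQUIRED_ATTRIBUTES if not attrs.get(n)]
    if missing:
        raise ValueError(f"assertion lacks mapped attributes: {missing}")
    return {"subject": name_id.text, "given_name": attrs["GivenName"][0],
            "family_name": attrs["FamilyName"][0], "email": attrs["Email"][0],
            "groups": attrs["Groups"]}


def filter_groups(groups, pattern):
    """Apply TONIC_SSO_GROUP_FILTER_REGEX (assumed: unanchored search)."""
    rx = re.compile(pattern)
    return [g for g in groups if rx.search(g)]


if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_IDP_METADATA))
    user = extract_user(SAMPLE_ASSERTION)
    print(user)
    print(filter_groups(user["groups"], ".*Tonic.*"))  # broad: also catches NotTonicRelated
    print(filter_groups(user["groups"], "^Tonic-.*"))  # narrow: only the Tonic-* groups
```

Run it as a script to see the three outputs. The point of the last two lines is the filter caveat: with the sample groups, .*Tonic.* passes Tonic-Admins, Tonic-Users and NotTonicRelated, while ^Tonic-.* passes only the two groups that follow the naming convention. To check a real deployment, fetch the metadata URL with your usual HTTP client and pass the body to check_idp_metadata; if it raises, the URL or the application type is wrong before you ever get to a login attempt.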