Use these instructions to set up AWS as your SSO provider for Tonic Structural.

AWS configuration

You complete the following configuration steps within AWS SSO.

Create the SAML application

In the Applications section, click Add a new application.

Next, on the Add New Application page, click Add a custom SAML 2.0 application.

From IAM Identity Center metadata, download your AWS SSO SAML metadata file URL. You will set this as the value of a Structural environment setting.

Under Application properties, set Application start URL to your Structural URL.

Under Application metadata:

  1. Click Manually type your metadata values.

  2. Set Application ACS URL to your Tonic URL followed by /api/sso/samllogin.

  3. Set Application SAML audience to Tonic.

To create the application, click Submit.

Configure attribute mappings for Structural

Next, you need to configure the attribute mappings that Structural requires.

For your new Structural application, click Actions, then select Edit attribute mappings

On the Attribute mappings tab, set up the following mappings:

  • Map Subject to ${user:subject}

  • Map GivenName to ${user:givenName}

  • Map Email to ${user:email}

  • Map FamilyName to ${user:familyName}

  • Map Groups to ${user:groups}

Structural configuration

In the Structural web server container, set the following Structural environment settings:


  • TONIC_SSO_IDENTITY_PROVIDER_ID - Set to the value of Identity store ID from the Settings page in AWS SSO.

  • TONIC_SSO_SAML_IDP_METADATA_XML_URL- Set to the IAM Identity Center SAML metadata file URL that you saved earlier.

  • TONIC_SSO_GROUP_FILTER_REGEX - Identifies the allowed groups for Structural. For details, go to Synchronizing SSO groups with Tonic Structural.

Last updated