AWS
Use these instructions to set up AWS as your SSO provider for Tonic.
You complete the following configuration steps within AWS SSO.
In the Applications section, click Add a new application.
Applications page in AWS SSO
Next, on the Add New Application page, click Add a custom SAML 2.0 application.
Add a custom SAML 2.0 application on the Add New Application page
From IAM Identity Center metadata, download your AWS SSO SAML metadata file URL. You will set this as the value of a Tonic environment variable.
IAM Identity Center metadata
Under Application properties, set Application start URL to your Tonic URL.
Application properties for the SAML application
Under Application metadata:
- 1.Click Manually type your metadata values.
- 2.Set Application ACS URL to your Tonic URL followed by
/api/sso/samllogin. - 3.Set Application SAML audience to
Tonic.
Application metadata for the SAML application
To create the application, click Submit.
Next, you need to configure the attribute mappings that Tonic requires.
For your new Tonic application, click Actions, then select Edit attribute mappings
Actions menu for the Tonic application
On the Attribute mappings tab, set up the following mappings:
- Map Subject to
${user:subject} - Map GivenName to
${user:givenName} - Map Email to
${user:email} - Map FamilyName to
${user:familyName} - Map Groups to
${user:groups}
Tonic attribute mappings
Set the following Tonic environment variables:
TONIC_SSO_PROVIDER- Set toAWSTONIC_SSO_IDENTITY_PROVIDER_ID- Set to the value of Identity store ID from the Settings page in AWS SSO.
Getting the Identify store ID from AWS SSO
TONIC_SSO_SAML_IDP_METADATA_XML_URL- Set to the IAM Identity Center SAML metadata file URL that you saved earlier.TONIC_SSO_GROUP_FILTER_REGEX- Set to a regular expression that matches the groups that you want Tonic to be aware of. For example, the expression.*Tonic.*allows all groups that contain the word "Tonic".
Last modified 18d ago