How to set up single sign on (SSO)

Integrating AWS IAM Identity Center (SSO) with Datazoom

This guide provides instructions for configuring single sign-on (SSO) for your Datazoom account using AWS IAM Identity Center (formerly AWS SSO) as your identity provider. The process involves creating a SAML 2.0 application in your AWS account and sharing the configuration details with Datazoom.

Prerequisites

Before you begin, please ensure you have the following:

  • Administrative access to your organization's AWS Management Console.

  • AWS IAM Identity Center enabled in your AWS account.

  • A User Pool ID and Cognito Domain URL provided by the Datazoom team. You will need these values to complete the steps below.

Access IAM Identity Center

  1. In the AWS Management Console, navigate to IAM Identity Center.

  2. Select Applications under Application assignments in the left menu.

Add a New Application

  1. Click Add Application.

  2. Choose I have an application I want to set up.

  3. Select SAML 2.0 as the application type.

  4. Click Next.

Configure Application

  1. Display name: Enter a name for the application (e.g., Datazoom SSO).

  2. Description: Provide a brief description of the application.

  3. Download the IAM Identity Center SAML metadata file. Share this file with Datazoom for their Cognito configuration.

  4. Under Application metadata, select Manually type your metadata values.

  5. Fill in the following:

[Image: Frame 85.png]

Add Attribute Mappings

  1. Configure the attribute mappings to map IAM Identity Center attributes to Cognito user attributes. Example:

| User attribute in the application | AWS IAM Identity Center attribute |
| --- | --- |
| Subject | ${user:subject} |
| email | ${user:email} |

Save and Assign Users

  1. Save the application configuration.

  2. Assign users or groups to the application in IAM Identity Center to grant access.