AWS SSO Integration with JumpCloud (SAML 2.0)
Purpose
Configure AWS SSO using JumpCloud as the Identity Provider, so users can sign in to AWS via JumpCloud SAML.
Prerequisites
- JumpCloud admin access
- AWS IAM admin access
- Ability to download + upload metadata XML files
- Defined user groups in JumpCloud (optional but recommended)
Step-by-Step Instructions
Step 1 – Configure Identity Provider (JumpCloud)
1. Login into " console.jumpcloud.com "
2. Go to SSO → search AWS → Click Configure
3. Click on configure
4. Name display name any what you want( AWS SSO)
5.Then Click on activate
6. Download the Metadata from the Jumpcloud once you activate.
Step 2 – Configure Service Provider (AWS)
1. Login into AWS console " aws.amazon.com "
2. Goto all services -> identity Provider -> IAM
3. Click on Create Provider
4. Name the provider name ( Jumpcloud)
5. Upload the Metadata that downloaded from Jumpcloud.
6. Hit add provider.
Step 3 – Create IAM Roles for Access
1. Under the All services -> IAM -> select Roles
2. Click on create roles
3. Select SAML 2.0 roles
4. Select the attributes roles to create the roles for particular services.
5. Hit Next and allow the roles then hit create roles.
Save changes.
Done ✅
From now on, users will login to AWS via JumpCloud SSO.
Expected Result / Validation
Users will now be able to login to AWS via JumpCloud SSO (IdP initiated or SP initiated) and will be mapped to the correct AWS role based on assignments.
FAQs
1) Do I need to configure attributes manually?
In most standard AWS SSO setups with JumpCloud, default SAML mapping works. Custom attribute mapping is required only in advanced multi-role scenarios.
2) Can I assign different AWS roles to different users?
Yes. Just assign different IAM roles and map them through user groups in JumpCloud.
3) Does this work with multiple AWS Accounts?
Yes. You can upload the same IdP metadata to multiple AWS accounts and assign roles individually.
4) Can inactive devices block SAML login?
No. SSO is identity based, not device based.
