Amazon AWS federated authentication service allows users to log in to AWS Management Console using SAML (Security Assertion Markup Language) authentication.

SAML provides an open-standard for exchanging authentication and authorization information between parties, in particular, between an identity provider and a service provider. An identity provider (such as idQ Enterprise) is a service that manages user identities. Users who are authenticated by the identity provider can obtain a token to log in to AWS Management Console. 

idQ Enterprise provides passwordless authentication for logging into the AWS Management Console via SAML protocol. To be protected by idQ Enterprise platform, AWS Management Console needs to be integrated with idQ Enterprise.  idQ Enterprise enables users to securely log in to AWS Management Console by scanning idQ QR codes using an idQ Trusted Device. Authentication is performed by inBay’s idQ Enterprise platform located in the cloud.

This guide describes how to perform configuration to integrate AWS Management Console with idQ Enterprise so that users can log into a AWS Management Console through SAML authentication via idQ TaaS (SAML Identity Provider).



  1. Amazon AWS account with administrative privileges
  2. Need the Fully Qualified Domain Name (FQDN) of your organization's AWS.
  3. Need the FQDN of your organization's idQ Enterprise.
  4. AWS SAML SP Metadata XML file for IdQ Enterprise. This file can be found at: https://signin.aws.amazon.com/static/saml-metadata.xml.  Goto this URL and save this XML file to a file that is accessible from idQ Enterprise.


Email: support@inbaytech.com

  • No labels