Use this guide to create and configure your AWS SSO account as a single sign-on Identifier Provider (IdP) for your Skeddly account.

Step 1: Download the Skeddly metadata XML file

Download the Skeddly metadata XML file from https://app.skeddly.com/Content/saml/skeddly-metadata.xml

This file will be needed later.

Step 2: Create a Skeddly "application" in your AWS SSO account

1. In the AWS SSO Management Console, click "Applications" on the left navigation menu to go to the "Applications" section.

2. Click the "Add a new application" button.

3. Click on "Add a custom SAML 2.0 application".

4. Give your new application a meaningful name, like "Skeddly".

5. In the "Application SAML metadata file" field, upload the "skeddly-metadata.xml" file you downloaded previously.

6. Click "Save Changes".

7. Click on the "Attribute mappings" tab.

8. You now must configure the "Subject" attribute. It should already exist in your list of attributes.

Depending on the type of SSO directory you are using, please use the following values in the "Maps to this string value or user attribute in AWS SSO" column.

AWS SSO directory: use ${user:email}
Microsoft AD directory: use ${dir:email}
Something else? Choose an appropriate "email" attribute from https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html?icmpid=docs_sso_console

In the "Format" column, choose transient.

Click "Save changes".

9. Return to the "Configuration" tab, and click "Download metadata file". This file will be needed for Step 3 below.

Important: If you have already downloaded the application's metadata file before now, then you must download it again now.

Step 3: Create an Identity Provider in Skeddly

Please follow these instructions to create your Skeddly Identity Provider.

Step 4: Configure Your Skeddly Application's Attributes

1. Return to the AWS SSO Management Console, and return to the "Attribute mappings" tab for your Skeddly application.

2. Add a new attribute by clicking "Add new attribute mapping".

3. In the "User attribute in the application" column, put https://skeddly.com/SAML/Attributes/Roles

4. In the "Maps to this string value or user attribute in AWS SSO" column, specify a comma-separated list of the following:

One and only one SRN of your Skeddly identity provider (that you created above). This can be copied from your identity provider's "view" page in your Skeddly account.
One or more SRNs of Managed Policies to be applied to the user when they are signed-in. These SRNs can be found in the Managed Policies pages in your Skeddly account.

For example, the value for this attribute could be:

srn:skeddly:idp::012345678:my-idp, srn:skeddly:policy:::standard

5. In the "Format" column, choose "unspecified".

6. Click "Save changes".

Step 5: Add Users to Your New Skeddly Application

Using the AWS SSO Management Console, add users to your Skeddly application from the "Assigned users" tab.

Your app should be ready to use now. Click the "Skeddly" app icon from the App SSO home page after signing-in.