This article will guide you through the steps to set up the Orca single sign-on integration with AWS.
AWS Management Console
1. Log in to the AWS Management Console, then navigate to AWS SSO and select Applications
2. Select "Add a new application"
3. Next, select 'Add a custom SAML 2.0 application'
4. Under 'Application Metadata' use the schema below for both Application ACS URL and Application SAML audience:
where "ACCOUNT_ID" is a unique string of your choosing (in the example below it is "panditalaap").
5. Click 'Save Changes' and then navigate to 'Attribute mappings' on the next screen
6. Under Attribute mappings for the first item add 'OrcaSecurity', then add the following three attributes (seen below):
- "Email" with value Email
- "FirstName" with value First Name
- "LastName" with value Last Name
7. Click 'Save Changes' and then navigate to the 'Assigned users' tab to grant Orca access to your AWS Users
Configure Orca to use AWS SSO
Copy the following values from AWS SSO to use when configuring SSO for your Orca account:
- “AWS SSO sign-in URL” -> paste in Orca under “SSO Endpoint URL”
- “AWS SSO issuer URL” -> paste in Orca under “Issuer”
- Download the AWS SSO certificate, open it in TextEdit or a program of your choice, and then paste the contents in Orca under “X509”
- Log in to Orca and navigate to Settings from the main menu on the left.
- Select Integrations from the Settings submenu.
- In the SSO section, locate the SSO integration card and click Connect.
- Paste the info as detailed above.
- Click Save & Enable.
Your AWS users should now be able to log in using AWS SSO.
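One way to confirm the configuration above took effect, as an added example that is not from Orca or AWS: the script reads a base64 SAMLResponse captured from a test sign-in and reports whether the issuer, the audience, the ACS recipient and the three attributes from step 6 are what the setup expects. The two URLs and the sample response are constructed placeholders; substitute the values you entered in steps 4 and under “Issuer”.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("Email", "FirstName", "LastName")  # names from step 6
SP_URL = "https://sp.example.invalid/ACCOUNT_ID"     # placeholder ACS URL / audience
ISSUER = "https://idp.example.invalid/issuer"        # placeholder AWS SSO issuer URL

# Constructed sample response; "Lastname" is mis-cased on purpose.
SAMPLE_XML = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"><a:Assertion>
<a:Issuer>{issuer}</a:Issuer>
<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{sp}"/>
</a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>{sp}</a:Audience>
</a:AudienceRestriction></a:Conditions><a:AttributeStatement>
<a:Attribute Name="Email"><a:AttributeValue>user@example.invalid</a:AttributeValue></a:Attribute>
<a:Attribute Name="FirstName"><a:AttributeValue>Sam</a:AttributeValue></a:Attribute>
<a:Attribute Name="Lastname"><a:AttributeValue>Ple</a:AttributeValue></a:Attribute>
</a:AttributeStatement></a:Assertion></p:Response>"""

def sample_response(xml=SAMPLE_XML):
    """Base64-encode the constructed sample as a SAMLResponse form field carries it."""
    return base64.b64encode(xml.format(issuer=ISSUER, sp=SP_URL).encode()).decode()

def check_saml_response(b64_response, sp_url=SP_URL, issuer=ISSUER):
    """List configuration problems in a captured SAMLResponse.
    Diagnostic only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    got = root.findtext(".//a:Assertion/a:Issuer", "", NS).strip()
    if got != issuer:
        problems.append(f"Issuer is {got!r}, expected {issuer!r}")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if sp_url not in audiences:
        problems.append(f"Audience {sp_url!r} not found in {audiences}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if sp_url not in recipients:
        problems.append(f"Recipient {sp_url!r} not found in {recipients}")
    values = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.iterfind("a:AttributeValue", NS)]
        values[attr.get("Name")] = [t for t in texts if t]
    for name in REQUIRED_ATTRS:  # compared exactly as written in step 6
        if not values.get(name):
            problems.append(f"Attribute {name!r} missing or empty")
    return problems

if __name__ == "__main__":
    for problem in check_saml_response(sample_response()) or ["no problems found"]:
        print(problem)
```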