I Can Follow Instructions
It isn't possible to enable and configure AWS Single Sign-On using infrastructure-as-code: The AWS SDK simply does not provide access.
Although the AWS and Azure instructions are detailed and lengthy, they're often out of date, inconsistent, and difficult to follow. Probably because they're detailed and lengthy.
Believe us, we really tried.
Here's an example. There are two separate AWS SSO integration applications in Azure AD: the legacy integration, and then the one that works. By default, you're going to see the old one featured prominently. Don't click that one.
It's way better to follow our picture story in "Same Thing With Pictures."
I Have the Patience of a Saint
Let's test that claim.
Start from https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html on AWS.
Follow https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial on Azure AD.
At the time of writing, they're both wrong.
I Regret Saying I Have the Patience of a Saint
Told you so. Check the picture version and we'll get you sorted.