Posted On: Feb 5, 2025
Today, Amazon Identity and Access Management (IAM) announced support for encrypted SAML assertions. SAML is an open standard that many identity providers (IdPs) use for federated single sign-on (SSO), enabling users or applications in your company to log into the Amazon Web Services Management Console or call Amazon API operations. You can now configure your identity provider to encrypt the SAML assertions that it sends to IAM. This ensures that your assertions are encrypted when passed through intermediaries (for example, the end user’s web browser).
You can use the Amazon IAM console, APIs, or CLI to configure SAML encryption for your identity providers that support encryption. Please refer to Amazon IAM and your identity provider’s product documentation for detailed configuration steps.
The new feature is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more about this feature, please visit this documentation.
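To confirm that an identity provider is actually encrypting what passes through the end user's browser, the base64 `SAMLResponse` form value from a test sign-in can be decoded and inspected. The following is an added example, not code from this announcement or from Amazon documentation; the function name and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Standard SAML 2.0 and XML Encryption namespaces.
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
XENC = "http://www.w3.org/2001/04/xmlenc#"


def assertion_encryption_status(saml_response_b64: str) -> str:
    """Classify a SAMLResponse value as 'encrypted', 'plaintext', 'mixed' or 'none'."""
    # ElementTree is fine for the constructed samples below; use a hardened
    # XML parser when the response comes from an untrusted source.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    plain = root.findall(f"{{{SAML}}}Assertion")
    wrapped = root.findall(f"{{{SAML}}}EncryptedAssertion")
    # An EncryptedAssertion wrapper must actually carry xenc:EncryptedData.
    for element in wrapped:
        if element.find(f"{{{XENC}}}EncryptedData") is None:
            raise ValueError("EncryptedAssertion without EncryptedData")
    if plain and wrapped:
        return "mixed"  # a readable assertion still reaches the browser
    if plain:
        return "plaintext"
    return "encrypted" if wrapped else "none"


def _sample(body: str) -> str:
    """Wrap a body in a constructed Response and base64-encode it."""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'xmlns:xenc="{XENC}" ID="_constructed" Version="2.0">'
           f'{body}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


# Constructed sample inputs, not captured from any real identity provider.
PLAIN_BODY = ('<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
              '<saml:NameID>alice@example.com</saml:NameID>'
              '</saml:Subject></saml:Assertion>')
ENC_BODY = ('<saml:EncryptedAssertion><xenc:EncryptedData><xenc:CipherData>'
            '<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>'
            '</xenc:CipherData></xenc:EncryptedData></saml:EncryptedAssertion>')

if __name__ == "__main__":
    for label, body in (("plaintext IdP", PLAIN_BODY), ("encrypting IdP", ENC_BODY)):
        print(label, "->", assertion_encryption_status(_sample(body)))
```

A result of `plaintext` or `mixed` means the subject and attributes are still readable by any intermediary that handles the response.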