\\
Amazon supports custom SAML 2.0 applications. See [https://docs.aws.amazon.com/singlesignon/latest/userguide/samlapps.html]\\
\\
!1. Amazon SSO SAML 2.0 Configurations:
\\
Open the IAM Identity Center Console [https://console.aws.amazon.com/singlesignon] and create a new custom application.\\
[custom_app.png]\\
\\
Configure the name, Application ACS URL, and SAML Audience, then submit the application.\\
{{{
Application ACS URL example:
https://your.crushftp.com/?u=SSO_SAML&p=none
}}}\\
{{{
SAML Audience example:
https://your.crushftp.com/?u=SSO_SAML&p=none
}}}\\
\\
[custom_app_settings.png]\\ 
\\
Configure the attribute mappings of your application.\\
\\
[custom_app_attribute_mappings_edit.png]\\
\\
Add a new attribute mapping.\\
{{{
Maps to this string value or user attribute in IAM Identity Center:
${user:subject}
}}}\\
[csutom_app_new_attribute.png]\\
\\
__Warning:__ Assign users/groups to the created application!\\
\\
[custom_app_assign_users.png]\\
\\
!2. SAMLSSO plugin configuration\\
\\
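Download the IAM Identity Center SAML metadata file, then fill in the SAMLSSO plugin settings from it and from the application's configuration as follows.\\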
{{{
[CrushFTP settings]                                 [Amazon SSO SAML 2.0 Configuration]
SAML Provider URL (EntityID)       ->             entityID
SAML Audience                      ->             Application SAML audience
IDP Redirect URL (HTTP-POST)       ->             SingleSignOnService SAML:2.0:bindings:HTTP-POST Location
SAML Issuer                        ->             IAM Identity Center SAML issuer URL
Base64 encoded PEM Signing certificate ->         <ds:X509Certificate> tag value of IAM Identity Center SAML metadata XML file
}}}
\\

\\
[custom_app_crushftp_settings.png]\\
\\