AWS SSO as Enterprise SAML Connection


I would like to configure AWS SSO as an Enterprise SAML Connection for one of our customers. I tried to cobble together the proper configuration by stealing bits of the examples here but I have not been able to get it working yet.

Currently, clicking “Test” on my SAML Connection redirects to AWS SSO but then I get an error “Missing nameId format of subject”.

Do you have an example of configuring AWS SSO as an Enterprise SAML Connection?

Just to be clear, I’m not trying to configure Auth0 as my AWS IdP, so this document does not apply

Here is some more information on what I tried:


  • configured a new application
  • set the Application ACS URL to https://<AUTH0 TENANT>
  • set the Application SAML audience to urn:auth0:<AUTH0 TENANT>:<AUTH0 CONNECTION NAME>
  • download the cert
  • assign a user

In Auth0:

  • configured an Enterprise SAML Connection
  • choose IdP domains
  • uploaded the cert, pasted the Sign In and Sign Out URLs from AWS SSO