# SSO

**Introduction**

* Centrally manage Single Sign-On to access multiple accounts and 3rd party business applications.
* Integrated with AWS Organizations and on-premises AD
* Supports SAML 2.0
* Centralized auditing with CloudTrail

**Features**

* Options for Setting up with AD
  * Standalone AWS Managed Microsoft AD
  * AD Connector to on-premises AD
  * AWS Managed Microsoft AD with 2-way forest trust with on-premises AD
* Regular AssumeRoleWithSAML vs SSO
  * AssumeRoleWithSAML Steps:
    * Client talks to the 3rd party IdP login portal to get a SAML response.
    * Client sends the SAML response to STS to get credentials.
  * AWS SSO Steps:
    * Client talks to the AWS SSO login portal, which talks directly to a SAML 2.0-compatible identity store and then returns the credentials to the client.
  * Advantages of using AWS SSO:
    * Doesn't need the 3rd party login portal.
    * Simplifies 2 steps into 1.
