Federated Access

Architecture

Integrate external identity providers for AWS access:

  • SAML 2.0 integration with enterprise IdPs (Okta, Azure AD, ADFS)
  • OIDC for web identity federation (GitHub, Google, custom providers)
  • AWS IAM Identity Center for centralized SSO

When to Use

  • Enterprise SSO with existing identity providers
  • CI/CD pipelines needing AWS access (GitHub Actions, GitLab CI)
  • Kubernetes workloads with IRSA (IAM Roles for Service Accounts)
  • Mobile or web applications with social login

Considerations

  • Trust policy must specify the correct federated principal
  • Session duration limits apply to federated sessions
  • Condition keys can restrict access by audience, subject, or claims
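As an added example (not code from the original page), a small Python linter for OIDC trust policies that flags the mistakes the considerations above warn about: a missing or wildcard federated principal, no audience check, and a missing or unpinned subject condition. It assumes a hypothetical GitHub Actions role; the provider ARN, the account id 123456789012 and the repository name are constructed placeholders.

```python
# Claim prefix GitHub's OIDC provider uses in IAM condition keys.
GITHUB_ISSUER = "token.actions.githubusercontent.com"


def check_oidc_trust_policy(policy: dict) -> list[str]:
    """Return findings for each AssumeRoleWithWebIdentity statement; [] is clean."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if "sts:AssumeRoleWithWebIdentity" not in ([actions] if isinstance(actions, str) else actions):
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if federated in (None, "*"):
            findings.append("federated principal missing or wildcard")
            continue
        # Flatten {operator: {key: value}} into {key: (operator, [values])}.
        claims = {}
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, value in pairs.items():
                claims[key] = (operator, value if isinstance(value, list) else [value])
        aud = claims.get(f"{GITHUB_ISSUER}:aud")
        if aud is None or "sts.amazonaws.com" not in aud[1]:
            findings.append("audience condition missing or not sts.amazonaws.com")
        sub = claims.get(f"{GITHUB_ISSUER}:sub")
        if sub is None:
            findings.append("subject condition missing: any repository on the IdP can assume the role")
        # Org-wide patterns such as repo:example-org/* pass; only fully open wildcards are flagged.
        elif sub[0] == "StringLike" and any(v == "*" or v.startswith("repo:*") for v in sub[1]):
            findings.append("subject wildcard does not pin an organisation or repository")
    return findings


# Constructed sample policies for a hypothetical GitHub Actions role; 123456789012 is a placeholder.
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_ISSUER}"

def github_trust_policy(conditions: dict) -> dict:
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": conditions},
    }]}

# Weak: the audience is checked but nothing pins the subject, so a workflow in any repository qualifies.
WEAK_POLICY = github_trust_policy({f"{GITHUB_ISSUER}:aud": "sts.amazonaws.com"})
# Hardened: only workflows on one repository's main branch may assume the role.
HARDENED_POLICY = github_trust_policy({
    f"{GITHUB_ISSUER}:aud": "sts.amazonaws.com",
    f"{GITHUB_ISSUER}:sub": "repo:example-org/example-repo:ref:refs/heads/main",
})
```

Run `check_oidc_trust_policy` over each role's trust document (for example the output of `aws iam get-role`) to catch the weak shape before it reaches production.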