How to Configure StackGen with AWS SAML
This guide walks you through configuring AWS Identity Center to integrate with StackGen using SAML. By completing these steps, you will be able to sign in to StackGen using your AWS credentials.
Before You Begin
Before starting, make sure you have:
- AWS Identity Center access with permissions to create and manage custom applications.
- A valid StackGen organization domain (e.g., acme.cloud.stackgen.com).
- Access to the StackGen Admin Console or the ability to share connection details with the StackGen support team.
- Basic understanding of SAML authentication concepts (optional but helpful).
Create a Custom Application in AWS Identity Center
To connect AWS and StackGen, you first need to set up a custom SAML 2.0 application in AWS Identity Center. This application defines how AWS communicates with StackGen during authentication.
- Sign in to the AWS Identity Center Console.
- Navigate to the Applications section.
- Click Add a new application > choose Custom SAML 2.0 application.
- Enter the following details:
  - Application Name: StackGen (or a descriptive name of your choice).
  - Application Start URL: https://<your-domain>.cloud.stackgen.com (for example, if your domain is acme, use https://acme.cloud.stackgen.com).
  - Application ACS URL: https://<your-domain>.cloud.stackgen.com/auth/callback
  - Application SAML Audience: stackgen-authenticator
- Copy the Application Sign-in URL. You’ll need this later.
- Download the IAM Identity Center Certificate.
Configure SAML Attributes
Next, you’ll map AWS user attributes so StackGen can identify and authenticate your users.
- Under the application's settings, navigate to Attribute mappings.
- Map the following attributes:
  - Email → ${user:email}
Share Connection Details with StackGen
Finally, provide StackGen with the details required to complete the integration. Send the following information to the StackGen support team:
- The IAM Identity Center Sign-in URL that you copied.
- The IAM Identity Center Certificate you downloaded.
Once StackGen configures these details, your AWS SAML integration will be ready. Your users can now sign in through AWS Identity Center to access StackGen.
Next Steps
Once your AWS SAML integration is set up:
- Assign users or groups in AWS Identity Center:
  - Navigate to your custom StackGen application in AWS Identity Center.
  - Assign the appropriate users or groups who should have access to StackGen.
- Test the login flow:
  - Open the Application Start URL: https://<your-domain>.cloud.stackgen.com
  - Try signing in with a user assigned to the application in AWS Identity Center.
- Verify StackGen access:
  - Ensure the user lands on the StackGen Home page after authentication.
  - Check that the email matches the attribute mapping you configured.
- Roll out the authentication method to your team:
  - Assign additional users or groups in AWS Identity Center as needed.
  - Communicate the new login flow to your organization.
Troubleshooting
If something doesn’t work as expected, check the following:
- Certificate mismatch error: Ensure you shared the latest IAM Identity Center certificate with StackGen.
- Login loop: Verify the ACS URL exactly matches the format https://<your-domain>.cloud.stackgen.com/auth/callback.
- Invalid audience error: Confirm that the SAML Audience is set to stackgen-authenticator.
- User not found: Make sure the Email attribute is correctly mapped to ${user:email}.
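The three troubleshooting items above (ACS URL, SAML Audience, Email attribute) can all be checked against a SAML Response captured from the browser's SAML tracer before you open a support ticket. The following Python script is an added example for this guide, not StackGen's or AWS's own code: it parses a response with the standard library and reports any of the three settings that do not match what this guide asks you to configure. The sample response embedded in it is constructed (the issuer, IDs, timestamps and user address are placeholders), and the script deliberately does not validate the XML signature; that is done by StackGen with the certificate you shared.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 responses and assertions.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Values this guide tells you to configure in AWS Identity Center.
EXPECTED_AUDIENCE = "stackgen-authenticator"
EMAIL_ATTRIBUTE = "Email"


def expected_acs_url(org_domain):
    """ACS URL StackGen expects for an organization domain such as 'acme'."""
    return f"https://{org_domain}.cloud.stackgen.com/auth/callback"


def check_saml_response(xml_text, org_domain):
    """Return a list of configuration problems found in a SAML Response.

    An empty list means the three settings this guide depends on (ACS URL,
    SAML Audience, Email attribute) look right. Signature verification is
    out of scope here; StackGen performs it with the shared certificate.
    """
    problems = []
    root = ET.fromstring(xml_text)
    acs = expected_acs_url(org_domain)

    # 1. Destination and the assertion's Recipient must equal the ACS URL
    #    character for character; a mismatch is the usual cause of the
    #    "login loop" symptom described in the troubleshooting section.
    destination = root.get("Destination")
    if destination != acs:
        problems.append(f"Destination {destination!r} != expected ACS URL {acs!r}")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("Response contains no Assertion")
        return problems

    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS
    )
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs:
        problems.append(f"Recipient {recipient!r} != expected ACS URL {acs!r}")

    # 2. The audience restriction must name the StackGen authenticator.
    audiences = [
        a.text
        for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS
        )
    ]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience {audiences} does not include {EXPECTED_AUDIENCE!r}")

    # 3. The Email attribute must be present and carry an address
    #    (the ${user:email} mapping from the attribute-mapping step).
    email = None
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_ATTRIBUTE:
            value = attr.find("saml:AttributeValue", NS)
            email = value.text if value is not None else None
    if not email or "@" not in email:
        problems.append(f"{EMAIL_ATTRIBUTE} attribute missing or not an address: {email!r}")

    return problems


# Constructed sample response (not captured from a real system); issuer,
# IDs, timestamps and the user address are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp-placeholder" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://acme.cloud.stackgen.com/auth/callback">
  <saml:Issuer>https://portal.sso.example-region.amazonaws.com/saml/assertion/PLACEHOLDER</saml:Issuer>
  <saml:Assertion ID="_assert-placeholder" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://portal.sso.example-region.amazonaws.com/saml/assertion/PLACEHOLDER</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jane.doe@acme.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://acme.cloud.stackgen.com/auth/callback"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>stackgen-authenticator</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email">
        <saml:AttributeValue>jane.doe@acme.example</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    for line in check_saml_response(SAMPLE_RESPONSE, "acme") or ["no problems found"]:
        print(line)
```

Run it against your own captured response by replacing SAMPLE_RESPONSE and passing your organization domain; each reported problem maps directly to one of the troubleshooting items above.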
If issues persist, contact StackGen support with a screenshot of the error and your application configuration details.