# FAQs

## What is SAML.to?

SAML.to allows GitHub Users and Repositories to assume AWS IAM Roles.

The differences between SAML.to and other similar services are:

* We do not maintain a database of users, passwords or tokens; we rely on GitHub to do so
* The relationship between Users and Roles is maintained in a Configuration File checked into a GitHub Repository
* We offer a Developer Friendly CLI and GitHub Actions for assuming roles.

## Who can use SAML.to?

From individuals to enterprises. SAML.to works for anyone with one or more AWS Accounts, AWS Roles, GitHub Organizations, Teams and Users.

## Can SAML.to be used at the same time with another service (Okta, JumpCloud, AWS SSO) for role assumptions?

Yes! Trust Relationships can have **multiple statements**, meaning they can trust multiple identity providers. When adding SAML.to, [add another statement to the Trust Relationship](https://docs.saml.to/configuration/service-providers/aws-federated-roles/adding-roles#use-an-existing-role), leaving the existing statements unmodified.

<figure><img src="https://3725585497-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FBw4oESW5uc8R6R0nkdmD%2Fuploads%2F7FI6oQBg7hOA1YcK620l%2FScreen%20Shot%202023-01-15%20at%202.11.36%20PM.png?alt=media&#x26;token=e844bf44-9641-46e1-974e-1476ab6f9d06" alt=""><figcaption></figcaption></figure>
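
The sketch below is an added example, not code from SAML.to. It appends a second SAML trust statement to a role's Trust Relationship while leaving the existing statement untouched. The account ID and provider names are placeholders, and the statement shape assumed here is the standard AWS SAML federation one (`sts:AssumeRoleWithSAML` with the `SAML:aud` condition).

```python
import copy
import json

# Constructed sample: a role that already trusts one SAML identity provider.
# The account ID and provider names are placeholders, not values from the docs.
EXISTING_TRUST = {
    "Version": "2012-10-17",
    "Statement": {  # IAM also accepts a single object here instead of a list
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/existing-idp"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}},
    },
}


def saml_trust_statement(provider_arn):
    """Build an Allow statement that trusts one IAM SAML provider."""
    return {
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}},
    }


def add_trusted_provider(policy, provider_arn):
    """Return a copy of policy that also trusts provider_arn.

    Existing statements are carried over unchanged, and an identical
    statement is not added twice, so the call is safe to repeat.
    """
    merged = copy.deepcopy(policy)
    statements = merged.get("Statement", [])
    if isinstance(statements, dict):  # normalise the single-object form
        statements = [statements]
    new_statement = saml_trust_statement(provider_arn)
    if new_statement not in statements:
        statements.append(new_statement)
    merged["Statement"] = statements
    return merged


if __name__ == "__main__":
    new_arn = "arn:aws:iam::123456789012:saml-provider/new-idp-placeholder"
    print(json.dumps(add_trusted_provider(EXISTING_TRUST, new_arn), indent=2))
```

Review the printed document against the role's current Trust Relationship before saving it, so that only the new statement differs.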

## How do I validate that the saml-to.yml is correct?

Check out the [Config Sync Action](https://docs.saml.to/usage/github-actions/config-sync-action#checking-saml-to.yml-for-errors).

### How is this different from [OpenID Connect](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) in GitHub Actions?

The OpenID Connect feature for GitHub is exclusively for Repositories in GitHub Actions. SAML.to does this as well, and in addition:

* Allows Users to assume the same roles on their laptop with a developer friendly CLI
* Supports Multiple Role Assumptions in a Single Action Run

### Do I have to type the full Role ARN for a saml-to assume command?

[You can use part of the role name.](https://docs.saml.to/usage/cli/assume#suffix-matching)

### How do I assume multiple roles at the same time?

[Use Named Profiles](https://docs.saml.to/configuration/service-providers/aws-federated-roles/assuming-roles/aws-cli#named-profiles)

## Have another question?

[Submit an Issue on GitHub](https://github.com/saml-to/cli/issues/new/choose)

or

[Start a Discussion](https://github.com/saml-to/cli/discussions)

or

[Message us on Twitter](https://twitter.com/messages/compose?recipient_id=1475883605649940489)
