# FAQs

## What is SAML.to?

SAML.to allows GitHub Users and Repositories to assume AWS IAM Roles.

 The differences between other similar services and SAML to is:

* We do not maintain a database of users, passwords or tokens, we rely on GitHub to do so
* Relationship of Users and Roles is maintained in a Configuration File checked into a GitHub Repository
* We offer a Developer Friendly CLI and GitHub actions for assuming roles.

## Who can use SAML.to?

From individuals to enterprises. SAML.to works for anyone with one or more AWS Accounts, AWS Roles, GitHub Organizations, Teams and Users.

## Can SAML.to be used at the same time with another service (Okta, JumpCloud, AWS SSO) for role assumptions?

Yes! Trust Relationships can have **multiple statements**, meaning they can trust multiple identity providers. When adding SAML.to, [add another statement to the Trust Relationship](https://docs.saml.to/configuration/service-providers/aws-federated-roles/adding-roles#use-an-existing-role), leaving the existing statements unmodified.

<figure><img src="/files/D7deT41HyO3ldSSPCrTx" alt=""><figcaption></figcaption></figure>

## How do I validate that the saml-to.yml is correct?

Check out the [Config Sync Action](https://docs.saml.to/pages/k8T42wEh5UH1NI1MMmH2#checking-saml-to.yml-for-errors).

### How is this different [OpenID Connect](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) in GitHub Actions?

The OpenID Connect feature for GitHub is exclusively for Repositories in GitHub Actions. SAML.to does this as well, in addition to:

* Allow Users to assume the same roles on their laptop with a developer friendly CLI
* Multiple Role Assumptions in a Single Action Run

### Do I have to type the full Role ARN for a saml-to assume command?

[You can use part of the role name.](/usage/cli/assume.md#suffix-matching)

### How do I assume multiple roles at the same time?

[Use Named Profiles](/configuration/service-providers/aws-federated-roles/assuming-roles/aws-cli.md#named-profiles)

## Have another question?

[Submit an Issue on GitHub](https://github.com/saml-to/cli/issues/new/choose)

or

[Start a Discussion](https://github.com/saml-to/cli/discussions)

or

[Message us on Twitter](https://twitter.com/messages/compose?recipient_id=1475883605649940489)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.saml.to/faqs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.