
FAQs


Last updated 2 years ago

What is SAML.to?

SAML.to allows GitHub Users and Repositories to assume AWS IAM Roles.

The differences between SAML.to and other similar services are:

  • We do not maintain a database of users, passwords or tokens; we rely on GitHub to do so

  • The relationship of Users and Roles is maintained in a Configuration File checked into a GitHub Repository

  • We offer a Developer Friendly CLI and GitHub Actions for assuming roles.

Who can use SAML.to?

From individuals to enterprises. SAML.to works for anyone with one or more AWS Accounts, AWS Roles, GitHub Organizations, Teams and Users.

Can SAML.to be used at the same time with another service (Okta, JumpCloud, AWS SSO) for role assumptions?

Yes! Trust Relationships can have multiple statements, meaning they can trust multiple identity providers. When adding SAML.to, add another statement to the Trust Relationship, leaving the existing statements unmodified.
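
As an added illustration (not code from SAML.to), the sketch below appends a second SAML statement to a role's trust policy document while carrying the existing statement over unchanged, and does nothing if the provider is already trusted. The account ID, the provider names `okta` and `saml.to`, and the function names are assumptions made for the example.

```python
import copy
import json

SAML_AUD = "https://signin.aws.amazon.com/saml"  # audience AWS expects for SAML sign-in

def _as_list(value):
    """IAM allows a scalar wherever a list is accepted; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def add_saml_provider(trust_policy, provider_arn):
    """Return a copy of trust_policy that also trusts provider_arn via SAML.

    Existing statements are carried over untouched, and the call is a no-op
    when an Allow statement for this provider is already present.
    """
    policy = copy.deepcopy(trust_policy)
    statements = _as_list(policy.get("Statement"))
    for stmt in statements:
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and provider_arn in federated
                and "sts:AssumeRoleWithSAML" in _as_list(stmt.get("Action"))):
            return policy  # already trusted; nothing to add
    statements.append({
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}},
    })
    policy["Statement"] = statements
    return policy

# Constructed sample: a role that already trusts one SAML identity provider.
EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/okta"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}},
    }],
}
SAML_TO_ARN = "arn:aws:iam::111122223333:saml-provider/saml.to"  # assumed provider name

if __name__ == "__main__":
    print(json.dumps(add_saml_provider(EXISTING_POLICY, SAML_TO_ARN), indent=2))
```

Review the printed document before applying it to the role, and confirm the first statement is identical to the one already in place.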

How do I validate that the saml-to.yml is correct?

Check out the Config Sync Action.

How is this different from OpenID Connect in GitHub Actions?

The OpenID Connect feature for GitHub is exclusively for Repositories in GitHub Actions. SAML.to does this as well, in addition to:

  • Allowing Users to assume the same roles on their laptop with a developer friendly CLI

  • Multiple Role Assumptions in a Single Action Run

Do I have to type the full Role ARN for a saml-to assume command?

You can use part of the role name.

How do I assume multiple roles at the same time?

Use Named Profiles.

Have another question?

Submit an Issue on GitHub or Start a Discussion or Message us on Twitter.