Integrate AWS SSO (SAML 2.0)

Overview

QueryPie supports integrating users from AWS IAM Identity Center with multiple cloud applications via SAML 2.0. You can synchronize users, grant access, and apply policies.

If you configure SAML under Identity Providers Integration with Type = SAML, periodic synchronization by schedule is not supported.

Add QueryPie as an application in AWS IAM Identity Center

  1. Go to AWS IAM Identity Center.
  2. Open the Applications menu in the left panel.
  3. Click Add application at the top right.
  4. Select Add a custom SAML 2.0 application and click Next.
  5. In Application configuration > Display name, enter QueryPie.
  6. In Application properties > Application start URL, enter your QueryPie domain as below.
    1. Application Start URL: https://{querypie_host}
  7. Enter the following in Application metadata:
    1. Application ACS URL: https://{querypie_host}/saml/sp/acs
    2. Application SAML audience: https://{querypie_host}/saml/sp/metadata
  8. Click Submit to save.

Attribute mappings for QueryPie integration

  1. In the application page, open Actions > Edit attribute mappings at the top right.
  2. Refer to the screenshot and enter values as follows.
     | Application user attribute | Value or user attribute in IAM Identity Center | Format |
     | --- | --- | --- |
     | Subject | ${user:email} | emailAddress |
     | firstName | ${user:givenName} | basic |
     | lastName | ${user:familyName} | basic |
     | loginId | ${user:email} | basic |
     | email | ${user:email} | basic |

Click Save changes.

Configure AWS IAM Identity Center integration in QueryPie

Administrator > General > User Management > Authentication

  • Go to Administrator > Admin > General > System > Integration, and under Authentication select Identity Provider.
  • Click Add and register the IdP with Type = SAML.
    • Name: Enter a suitable name for identification.
    • Type: Select SAML.
    • Identity Provider Metadata: In AWS, go to Application > Actions > Edit configuration and download the IAM Identity Center SAML metadata file. Paste the SAML metadata XML content here.
  • Click Save.

Sign in to QueryPie with SAML

Click Login with SAML on the login page to authenticate with AWS and sign in to QueryPie.
