Amazon OpenSearch Service supports SAML single sign-on for OpenSearch UI

Posted on: Apr 17, 2025

Amazon OpenSearch Service now supports SAML (Security Assertion Markup Language) via IAM federation for the next-generation OpenSearch UI. OpenSearch UI is a modernized operational analytics experience that enables users to gain insights across data spanning managed domains and serverless collections from a single endpoint. OpenSearch UI already supports authentication via AWS Identity & Access Management (IAM) and IAM Identity Center (IDC). With this feature, you can now configure SAML identity federation between your identity provider and IAM, so that your end users have a single sign-on (SSO) experience: they log in at your identity provider and land directly in OpenSearch UI.

With SAML support, you can define a Default Relay State URL so that your end users can click the URL to open your identity provider's login page, complete the SSO, and then land directly on the page you defined in OpenSearch UI. You can also define fine-grained access control (FGAC) by mapping identity provider users and roles to IAM roles with different permissions in OpenSearch, so that you can easily manage user permissions and track user activities from the identity provider.

OpenSearch UI supports SAML in all regions where OpenSearch UI is available. To get started, create an OpenSearch UI application and follow the instructions to complete the SAML configuration. Learn more in the Amazon OpenSearch Service Developer Guide.