After careful consideration, we decided to end support for Amazon FinSpace, effective October 7, 2026. Amazon FinSpace will no longer accept new customers beginning October 7, 2025. As an existing customer with an Amazon FinSpace environment created before October 7, 2025, you can continue to use the service as normal. After October 7, 2026, you will no longer be able to use Amazon FinSpace. For more information, see [Amazon FinSpace end of support](https://docs.aws.amazon.com/finspace/latest/userguide/amazon-finspace-end-of-support.html). 

# Setting up SAML based single sign-on (SSO) with Amazon FinSpace
Setting up SAML based single sign-on

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

When you use SAML based SSO, you can manage users with your enterprise identity provider (IdP). You can use a third-party identity provider that supports through Security Assertion Markup Language 2.0 (SAML 2.0) to provide a simple on-boarding flow for your Amazon FinSpace users. Such identity providers include Microsoft Windows Active Directory Federation Services and Okta among others.

With SSO, your users get one-click access to their FinSpace applications using their existing identity credentials. You also have the security benefit of identity authentication by your identity provider. You can control which users have access to FinSpace using your existing identity provider.

** **Topics** **
+ [

# Tutorial: Setup an Identity Provider with your Amazon FinSpace environment
](setup-idp-finspace.md)
+ [

# Tutorial: Creating an Amazon FinSpace environment with Okta SSO
](tutorial-idp-okta-sso.md)
+ [

# Tutorial: Creating an Amazon FinSpace environment with IAM Identity Center
](tutorial-idp-aws-sso.md)
+ [

# Tutorial: Creating an Amazon FinSpace environment with AD FS
](tutorial-idp-ADFS-sso.md)

# Tutorial: Setup an Identity Provider with your Amazon FinSpace environment
Tutorial: Setup an Identity Provider

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

You can integrate any SAML 2.0 compliant IdP when creating a new Amazon FinSpace environment.

## Prerequisites


Before creating a FinSpace environment with SAML based SSO, do the following:

Inside your organization's network, configure your identity store, such as Windows Active Directory, to work with a SAML-based IdP. SAML based IdPs include Microsoft Windows Active Directory Federation Services, Okta, and so on.

## Step 1: Generate a SAML metadata document


Using your IdP, generate a metadata document that describes your organization as an identity provider. You will need the metadata document or the URL to the metadata document when creating the FinSpace environment.

## Step 2: Determine the SAML attribute for email


Determine the SAML attribute name that contains the email address in the SAML assertion. Email address is required to identify the user in FinSpace. For example, `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`. Check your IdP documentation for details. You will need the SAML attribute when creating the FinSpace environment.

## Step 3: Create a FinSpace environment


Create a [FinSpace environment](create-an-amazon-finspace-environment.md). Once the FinSpace environment is ready, copy and save the **Redirect / Sign-in url** and **URN** from the Summary section of the environment page. You will need the parameters for configuration in the IdP.

## Step 4: Create an application for FinSpace in your IdP


Once the environment is created, add an application for FinSpace in your IdP and use the **Redirect / Sign-in url** and **URN** where appropriate.

## Step 5: Assign users to the newly created FinSpace application in your IdP


Once the application is added, assign users to the application in IdP. A minimum of one user is required to create a superuser in FinSpace.

## Step 6: Create a superuser in your FinSpace environment


**Note**  
In order to create a FinSpace environment, you need to be a user with **AdministratorAccess** role or FinSpace policy.

Now that the users are assigned to your FinSpace application in your IdP, create a superuser.

After your FinSpace is created, you must create a first superuser to add additional users and to configure permission groups from within the FinSpace web application. A superuser has all permissions to take all actions in FinSpace. The first superuser must be created in the AWS console page. After the superuser is created, the superuser logs in to the FinSpace web application for the first time.

**To create a superuser**

1. Sign in to your AWS account in which the FinSpace environment was created and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing). Your AWS account number is displayed for verification purposes.

1. Choose **Environments** and select the FinSpace environment for which a superuser will be created.

1. Under **Superusers**, choose **Add Superuser**.

1. On **Specify Superuser details** page, enter the **Email address**, **First name**, and **Last name**.

1. Choose **Next**.

1. On the next page, review the superuser details.

1. Choose **Create and view credentials** to get a temporary password.
**Note**  
If you have created an environment with SSO, you will not get a temporary password as you will be authenticated with your IdP.

1. On the **View Credentials** page, view and copy the superuser security credentials. You also get a welcome message which you can use to email users instructions for signing into FinSpace.

   Share these credentials with the person designated as the superuser. The credentials are necessary to sign in to your FinSpace web application. The **Environment domain** is the sign-in url for your FinSpace web application.
**Note**  
This is the last time these credentials will be available to be copied. However, you can create new credentials at any time.

You have successfully created a FinSpace environment configured with your SAML 2.0 IdP. Learn more about [managing users in SSO](managing-user-sso.md) and [permissions](managing-user-permissions.md).

# Tutorial: Creating an Amazon FinSpace environment with Okta SSO
Tutorial: Creating an environment with Okta SSO

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

The following tutorial walks you through how Amazon FinSpace environment can be created using Okta as an Identity provider (IdP).

## Prerequisites


Ensure that a user exists in Okta for each person who will need access to FinSpace. When creating users, make sure to include an email address for each user. Email addresses are required to connect the users in Active Directory Federation Services with their corresponding users in FinSpace.

## Step 1: Creating an Okta application


**Note**  
You need to have administrator privileges in Okta for this tutorial.

**To create an Okta application**

1. Sign in to your Okta admin dashboard.

   If you don't have an account, you can create a free [Okta developer edition](https://developer.okta.com/quickstart/) account.

1. Choose **Applications**.

1. Choose **Add Application**.

1. Choose **Create New App**.

1. On the **Create New Application Integration** page, for **Platform** select **Web** from the drop down menu.

1. For **Sign in method**, choose **SAML 2.0** and then choose **Create**.

1. Specify an **App name**. For example, `FinSpace`.

1. Choose **Next**.

1. For the **Single sign on URL**, use `http://placeholder.okta.com `.
**Note**  
This is just a placeholder url to generate the SAML meta data document. You will get the actual single sign on URL once FinSpace environment is created.  
![\[A screenshot of the SAML settings page.\]](http://docs.aws.amazon.com/finspace/latest/userguide/images/09-security/finspace-security-23177.png)

1. For **Audience URI (SP Entity ID)**, enter `placeholder`.
**Note**  
This is just a placeholder Uniform Resource Name (URN) to generate the SAML meta data doc. You will get the actual URN once FinSpace environment is created.

1. Under **ATTRIBUTE STATEMENTS** section, enter the following:

   1. **Name** – `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` 

   1. **Value** – `user.email`

1. Choose **Next**.

1. Choose **I'm an Okta customer adding an internal app**.

1. Choose **Finish**.

1. Choose **Identity Provider metadata** and then choose **Copy Link Address**.

1. Save the link to a notepad. You can also choose to save SAML metadata document instead of the link.

Now that you have the SAML metadata document or its URL, let's create a FinSpace environment.

## Step 2: Creating a FinSpace environment


**To create a FinSpace environment**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose **Create Environment**.

1. Enter a name for your FinSpace environment under **Environment name**. For example, enter `finspace-saml-okta` 

1. (Optional) Add **Environment description**.

1. Select an existing or create a new KMS key to encrypt data in your FinSpace environment. For more information, see [Managing keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html).

1. For **Authentication method**, select **Single Sign On (SSO)**.

1. Enter your **Identity provider name**. For example, `Okta`.

1. For **Metadata document URL**, select **Provide a metadata document URL** and then paste the SAML metadata document URL in the text box.

1. For **Attribute mapping**, enter the attribute set for email in Okta. Since you set email attribute as `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`, the same value should be set in this field.

1. Under **Initial Superuser**, enter the details to setup the first superuser.

1. Choose **Create Environment**. The environment creation process starts and it will take 50-60 minutes to finish in the background. You can return to other activities while the environment is being created.

1. After the FinSpace environment is ready, copy and save the **Redirect / Sign-in URL** and **URN**.

Your FinSpace is now created. Finish configuration in Okta.

## Step 3: Finish application configuration in Okta


Finish configuration of your FinSpace Okta app with the **Redirect / Sign-in URL** and **URN**.

1. Sign in to your Okta console.

1. Choose **Admin** on the top-right corner.

1. From the top bar menu bar, choose **Applications**.

1. Choose the **FinSpace** app that you had setup with placeholders.

1. Under the **General** tab, scroll to **General Settings** and choose **Edit** on SAML settings.

1. Choose **Next**.

1. For **Single Sign On URL**, paste the copied **Redirect / Sign-in URL** from FinSpace environment.

1. Select the **Use this for Recipient URL and Destination URL** check box.

1. For **Audience URI (SP Entity ID)**, enter the copied **URN** from the FinSpace environment.  
![\[A screenshot that shows the General tab in the SAML settings page.\]](http://docs.aws.amazon.com/finspace/latest/userguide/images/09-security/finspace-security-9d00f.png)

1. Choose **Next**.

1. Choose **Finish**.

## Step 4: Assign user to the FinSpace application in Okta


Now that the application is setup. Assign at least one user to the FinSpace app in Okta who can be created as a superuser for FinSpace.

**To assign user to the FinSpace application in Okta**

1. Sign in to your Okta console.

1. Choose **Admin** on the top-right corner.

1. From the top bar menu bar, choose **Applications**.

1. Choose the **FinSpace**.

1. Choose the **Assignments** tab.

1. Choose the **Assign** drop down menu. A list of users appears.

1. Choose **Assign next** for the user that you want to designate as the superuser in FinSpace. You may add multiple users at this point too.

1. Choose **Save and Go back**.

## Step 5: Create superuser in your FinSpace environment


Now that a user is assigned, they can be created as a superuser in FinSpace.

**To create a superuser**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose `finspace-saml-okta` from the list of environments.

1. Under **Superusers**, choose **Add Superuser**.

1. On **Specify Superuser details** page, enter the email that was used when assigning the user in Okta.

1. Enter the **First name** and the **Last name**.

1. Choose **Create and view credentials**. You will not receive a password as you will use the Okta Idp credentials for authentication.

## Step 6: Sign in to FinSpace with Okta IdP credentials


**To sign in with Okta IdP credentials**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose `finspace-saml-okta` from the list of environments.

1. Copy the link under **Environment domain** and paste it in your web browser.

   You will be re-directed to your Okta Idp authentication page.

1. Enter your SSO credentials to sign in to FinSpace.

# Tutorial: Creating an Amazon FinSpace environment with IAM Identity Center
Tutorial: Creating an environment with IAM Identity Center

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

The following tutorial walks you through how FinSpace environment can be created using AWS IAM Identity Center as an Identity provider (IdP).

## Prerequisites


Ensure that a user exists in IAM Identity Center for each person who will need access to FinSpace. When creating users, make sure to include an email address for each user. Email addresses are required to connect the users in Active Directory Federation Services with their corresponding users in FinSpace.

## Step 1: Creating an application in IAM Identity Center


**Note**  
You need to have appropriate privileges in IAM Identity Center to create a SAML application.

**To create an application in IAM Identity Center**

1. Sign in to AWS Management Console, and open IAM Identity Center.

1. Choose **Settings**.

1. For **Identity source**, choose **IAM Identity Center**.

1. From the left menu, choose **Applications**.

1. Choose **Add application**.

1. Choose **Add a custom SAML 2.0 application**.

1. Choose **Next**.

1. On the **Configure application** page, specify a display name for the application. For example, you can use `FinSpace-SAML-application`.

1. (Optional) Add a description.

1. Copy and save the URL for **IAM Identity Center SAML metadata file** or download it. You will need it when you create a FinSpace environment.

1. For **Application metadata**, choose **Manually type your metadata values**.

1. For **Application ACS URL**, enter `https://finspace.com/saml2/idpresponse`. For **Application SAML audience**, enter `urn:amazon:sp:*`.
**Note**  
These are sample values. Return to application configuration and replace these fields with the actual values after you create an environment. 

1. Choose **Submit**. The page for newly created application opens.

1. On the application page, choose **Actions** and then choose **Edit attribute mappings**.

1. On the attribute mappings page, enter the attribute mappings values as shown in the following screenshot.  
![\[A screenshot that shows the attribute mappings.\]](http://docs.aws.amazon.com/finspace/latest/userguide/images/09-security/finspace-security-attribute-mapping.png)

1. Choose **Save changes**.

Now that you have the SAML metadata document or it's URL, create a FinSpace environment next.

## Step 2: Creating a FinSpace environment


**To create a FinSpace environment**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose **Create Environment**.

1. Enter a name for your FinSpace environment under **Environment name**. For example, enter `finspace-saml-aws-sso` 

1. (Optional) Add **Environment description**.

1. Select an existing or create a new KMS key to encrypt data in your FinSpace environment. For more information, see [Managing keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html).

1. For **Authentication method**, select **Single Sign On (SSO)**.

1. Enter your **Identity provider name**. For example, **IAM Identity Center**.

1. For **Metadata document URL**, choose **Provide a metadata document URL** and then paste the SAML metadata document URL in the text box. This is the same URL that you copied when [creating an application](#metadata-url).

1. For **Attribute mapping**, enter the attribute set for email in IAM Identity Center. Since you set attribute as `Email` in SSO, set the same in mapping.

1. Choose **Create Environment**. The environment creation process starts and it will take 50-60 minutes to finish in the background. You can return to other activities while the environment is being created.

1. After the FinSpace environment is ready, copy and save the **Redirect / Sign-in URL** and **URN**.

## Step 3: Finish application configuration in IAM Identity Center


Finish configuration of IAM Identity Center app with the **Redirect / Sign-in URL** and **URN**.

1. Sign in to AWS Management Console, and open IAM Identity Center.

1. Choose **Applications**.

1. Choose **FinSpace-SAML-application** that you created in step 1 of this tutorial.

1. On the application details page, choose **Actions** and then choose **Edit configuration**.

1. In the **Application metadata** section, paste the following values that you copied in step 2 of this tutorial.

   1. For **Application ACS URL**, paste the **Redirect / Sign-in URL**.

   1. For **Application SAML audience**, paste the **URN**.

1. Choose **Submit**.

## Step 4: Assign user to the FinSpace application in IAM Identity Center


After setting up the application, assign at least one user to it in IAM Identity Center. You can create this user as a superuser for FinSpace.

**To assign a user**

1. Sign in to AWS Management Console, and open IAM Identity Center.

1. Choose **Applications**.

1. Choose the `FinSpace-SAML-application` application.

1. Choose **Assign Users**.

1. From the list of users, choose and assign users to the application.

## Step 5: Create superuser in your FinSpace environment


After assigning a user,you can create them as a superuser in FinSpace.

**To create a superuser**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose `finspace-saml-aws-sso` from the list of environments.

1. Under **Superusers**, choose **Add Superuser**.

1. On the **Specify Superuser details** page, enter the email that was used when assigning the user in IAM Identity Center.

1. Enter the **First name** and the **Last name**.

1. Choose **Next**.

1. Review the details and choose **Create and view credentials**. You will not receive a password as you will use the IAM Identity Center credentials for authentication.

## Step 6: Sign in to FinSpace with IAM Identity Center credentials


**To sign in with IAM Identity Center credentials**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose `finspace-saml-aws-sso` from the list of environments.

1. Choose the **Application URL** link.

   The IAM Identity Center authentication page opens.

1. Enter your SSO credentials to sign in to FinSpace.

# Tutorial: Creating an Amazon FinSpace environment with AD FS
Tutorial: Creating an environment with AD FS

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

The following tutorial walks you through how Amazon FinSpace environment can be created using Microsoft Active Directory Federation Services (AD FS) as an Identity provider (IdP).

**Note**  
You need to have appropriate privileges in AD FS to create a SAML application.

## Prerequisites


Ensure that a user exists in AD FS for each person who will need access to FinSpace. When creating users, make sure to include an email address for each user. Email addresses are required to connect the users in AD FS with their corresponding users in FinSpace.

## Step 1: Access the SAML metadata document or URL from AD FS


Access the SAML metadata document or URL from your AD FS installation. You will need this document or URL to create the FinSpace environment.

## Step 2: Creating a FinSpace environment


**To create a FinSpace environment**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose **Create Environment**.

1. Enter a name for your FinSpace environment under **Environment name**. For example, enter `finspace-saml-adfs`.

1. (Optional) Add **Environment description**.

1. Select an existing or create a new KMS key to encrypt data in your FinSpace environment. For more information, see [Managing keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html).

1. For **Authentication method**, select **Single Sign On (SSO)**.

1. Enter your **Identity provider name**. For example, `AD FS`.

1. For **Metadata document URL**, select **Provide a metadata document URL** and then paste the SAML metadata document URL in the text box.

1. For **Attribute mapping**, enter the attribute set for email in AD FS. It should be `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`.

1. Choose **Create Environment**. The environment creation process starts and it will take 50-60 minutes to finish in the background. You can return to other activities while the environment is being created.

1. After the FinSpace environment is ready, copy and save the **Redirect / Sign-in URL** and **URN**.

## Step 3: Configure AD FS for FinSpace


**To configure ADFS for FinSpace**

1. Sign in to your AD FS console.

1. Go to **Server Manager**.

1. From the top-right drop down menu, choose **Tools**.

1. Choose **AD FS management**.

1. From the left menu, choose **Relying Party Trusts**.

1. Choose **Add Relying Party Trust**.

1. From the dialog box, choose **Claims Aware**.

1. Choose **Enter data about the relying party manually**.

1. For display name, enter `FinSpace` and then choose **Next**.

1. Choose **Enable support for the SAML 2.0 WebSSO protocol**.

1. Paste the **Redirect / Sign-in URL** and then choose **Next**.

1. Paste the **URN** under the **Relying party trust identifier**.

1. Choose **Add** and then choose **Next**.

1. Choose **Close**. You will see **FinSpace** in the list of **Relying Party Trusts**.

1. Right-click on **FinSpace** and choose **Edit Claim Issuance Policy**.

1. On the next page, chose **Add Rule**.

1. Under **Claim Rule Template**, choose **Send LDAP Attributes as Claims**.

1. Choose **Next**.

1. For **Claim rule name**, enter rule name as `emailclaimrule`.

1. Under **Attribute store**, choose **Active Directory**.

1. Under **Mapping of LDAP attributes to outgoing claim types**, set the LDAP attributes as following:

   1. For **LDAP attribute**, enter `E-mail-Addresses` and for **Outgoing Claim Type** , enter `E-mail Address`.

   1. Repeat the above step to set **LDAP attribute**, as `E-mail-Addresses` and **Outgoing Claim Type** as `Name ID`.

1. Choose **Finish** and then choose **OK**.

## Step 4: Assign user in AD FS


Ensure that any user to be enabled for FinSpace has a valid email in their user record in AD FS.

## Step 5: Create superuser in your FinSpace environment


**To create a superuser**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose `finspace-saml-adfs` from the list of environments.

1. Under **Superusers**, choose **Add Superuser**.

1. On **Specify Superuser details** page, enter the email that was used when assigning the user in AD FS.

1. Enter the **First name** and the **Last name**.

1. Choose **Create and view credentials**. You will not receive a password as you will use the IAM Identity Center credentials for authentication.

## Step 6: Sign in to FinSpace with AWS SSO credentials


**To sign in with IAM Identity Center credentials**

1. Sign in to the AWS Management Console and open the Amazon FinSpace console at [https://console.aws.amazon.com/finspace](https://console.aws.amazon.com/finspace/landing).

1. Choose `finspace-saml-adfs` from the list of environments.

1. Copy the link under **Domain** and paste it in your web browser.

   You will be re-directed to your AD FS authentication page.

1. Enter your SSO credentials to sign in to FinSpace.