AWS Client VPN now supports Federated Authentication via SAML 2.0

Posted on: May 19, 2020

AWS Client VPN is a managed, scalable virtual private network service that enables users to securely access AWS resources and on-premises networks. Federated Authentication makes it easy to integrate AWS Client VPN user authentication and authorization with a centralized, SAML based Identity Provider (IdP).  

With the addition of Federated Authentication, AWS Client VPN now supports three methods of authentication: Mutual authentication via client certificates, user authentication via Active Directory, and user Federated Authentication via SAML. Using Active Directory or Federated Authentication, customers can control access to associated networks by specifying authorization rules when configuring their AWS Client VPN endpoint. Active Directory group SIDs or SAML-based IdP group names can be directly referenced from each authorization rule. 

Federated Authentication is now available in Americas (Montreal), Americas (N California), Americas (N Virginia), Americas (Ohio), Americas (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Ireland), EU (Frankfurt), EU (London), and EU (Stockholm).  

To learn more about Federated Authentication: