Launch the ClassLink SAML Console
After logging in to the SAML Console, click on COPY EXISTING from the navigation menu on top. This will present a list of pre-configured SAML templates.
Search for and copy the AWS AppStream 2.0 template from the library.
The service provider configuration will now appear in your ClassLink SAML Console Dashboard. Click on the 3 dots under the Tasks Column and Edit. Complete the Login URL for the school district/organization and click Save to return to the dashboard.
To complete the https://aws.amazon.com/SAML/Attributes/Role attribute, first import
the ClassLink IDP metadata on AWS's side. Once the setup has been completed on
their end, you can add the roles. This is a combination of the Role ARN and the
AWS IdP ARN (comma separated [role,idp]).
Clicking on the clipboard icon will copy the ClassLink IDP Metadata URL. Please provide it to your AWS Appstream engineer.
Once the IDP metadata has been imported on their end, you can add the roles in your empty attribute box in the AWS Appstream 2.0 configuration in the ClassLink SAML console.
Create the SSO App
To create the SSO application in your ClassLink Management Console, click on the drop-down menu and Copy IDP Initiate Login URL.
In your CMC, create the SAML app with the URL you just copied. This will be the first part of the SSO URL. The second part will be the AWS relay state stack URL. Before adding the relay state stack URL, you will have to encode it first. You can do this here. Add the encoded AWS stack URL to the IDP Initiate URL by appending [?relaystate=stack URL] to the end of the IDP Initiate Login URL and click Save.
