AWS appstream2 documentation change
Summary
Updated service name references from 'AppStream 2.0' to 'WorkSpaces Applications' throughout SAML 2.0 integration documentation
Security assessment
The changes appear to be a rebranding update rather than addressing security vulnerabilities. All modifications are service name substitutions in SAML federation documentation without introducing new security controls or addressing specific vulnerabilities. The content remains focused on existing security features (SAML integration) rather than patching weaknesses.
Diff
diff --git a/appstream2/latest/developerguide/external-identity-providers-further-info.md b/appstream2/latest/developerguide/external-identity-providers-further-info.md index a7d46bf63..a310887f2 100644 --- a//appstream2/latest/developerguide/external-identity-providers-further-info.md +++ b//appstream2/latest/developerguide/external-identity-providers-further-info.md @@ -3 +3 @@ -[Documentation](/index.html)[Amazon AppStream 2.0](/appstream2/index.html)[Administration Guide](what-is-appstream.html) +[Documentation](/index.html)[Amazon WorkSpaces Applications](/appstream2/index.html)[Administration Guide](what-is-appstream.html) @@ -5 +5 @@ -# AppStream 2.0 Integration with SAML 2.0 +# WorkSpaces Applications Integration with SAML 2.0 @@ -7 +7 @@ -The following links help you configure third-party SAML 2.0 identity provider solutions to work with AppStream 2.0. +The following links help you configure third-party SAML 2.0 identity provider solutions to work with WorkSpaces Applications. @@ -11,13 +11,13 @@ IdP solution | More information -AWS IAM Identity Center | [ Enable federation with IAM Identity Center and Amazon AppStream 2.0 ](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-aws-single-sign-on-and-amazon-appstream-2-0/) — Describes how to use IAM Identity Center to federate user access to your AppStream 2.0 applications with their existing enterprise credentials. -Active Directory Federation Services (AD FS) for Windows Server | [AppStream](https://gg4l.com/product/appstream/) on the GG4L website — Describes how to provide users with SSO access to AppStream 2.0 by using their existing enterprise credentials. You can configure federated identities for AppStream 2.0 by using AD FS 3.0. -Azure Active Directory (Azure AD) | [Enabling Federation with Azure AD Single Sign-On and Amazon AppStream 2.0 ](https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-azure-ad-single-sign-on-and-amazon-appstream-2-0/) — Describes how to configure federated user access for Amazon AppStream 2.0 by using Azure AD SSO for enterprise applications. -GG4L School Passport™ | [Enabling Identity Federation with GG4L’s School Passport™ and Amazon AppStream 2.0 ](https://sso.gg4l.com/docs/#/appstream) — Describes how to configure GG4L’s School Passport™ to federate login to AppStream 2.0. -Google | [Setting up G Suite SAML 2.0 federation with Amazon AppStream 2.0](https://aws.amazon.com/blogs/desktop-and-application-streaming/setting-up-g-suite-saml-2-0-federation-with-amazon-appstream-2-0/) — Describes how to use the G Suite Admin console to set up SAML federation to AppStream 2.0 for users in G Suite domains. -Okta | [How to Configure SAML 2.0 for Amazon AppStream 2.0](http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-AppStream-2-0.html) — Describes how to use Okta to set up SAML federation to AppStream 2.0. For stacks that are joined to a domain, the "Application username format" must be set to "AD user principal name". -Ping Identity | [Configuring an SSO connection to Amazon AppStream 2.0](https://support.pingidentity.com/s/article/Configuring-an-SSO-connection-to-Amazon-AppStream-2-0) — Describes how to set up single sign-on (SSO) to AppStream 2.0. -Shibboleth | [Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth](https://aws.amazon.com/blogs/security/new-whitepaper-single-sign-on-integrating-aws-openldap-and-shibboleth/) — Describes how to set up the initial federation between the Shibboleth IdP and the AWS Management Console. You must complete the following additional steps to enable federation to AppStream 2.0. Step 4 of the AWS Security whitepaper describes how to create IAM roles that define the permissions that federated users have to the AWS Management Console. After you create these roles and embed the inline policy as described in the whitepaper, modify this policy so that it provides federated users with permissions to access only an AppStream 2.0 stack. To do this, replace the existing policy with the policy noted in _Step 3: Embed an Inline Policy for the IAM Role_ , in [Setting Up SAML](./external-identity-providers-setting-up-saml.html).When you add the stack relay state URL as described in _Step 6: Configure the Relay State of Your Federation_ , in [Setting Up SAML](./external-identity-providers-setting-up-saml.html), add the relay state parameter to the federation URL as a target request attribute. The URL must be encoded. For information about configuring relay state parameters, see the [SAML 2.0](https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration#UnsolicitedSSOConfiguration-SAML2.0) section in the Shibboleth documentation.For more information, see [Enabling Identity Federation with Shibboleth and Amazon AppStream 2.0](https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-identity-federation-with-shibboleth-and-amazon-appstream-2-0/). -VMware WorkSpace ONE | [Federating Access to Amazon AppStream 2.0 from VMware Workspace ONE ](https://aws.amazon.com/blogs/desktop-and-application-streaming/federating-access-to-amazon-appstream-2-0-from-vmware-workspace-one/) — Describes how to use the VMware Workspace ONE platform to federate user access to your AppStream 2.0 applications. -SimpleSAMLphp | [Enabling Federation with SimpleSAMLphp and Amazon AppStream 2.0 ](https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-simplesamlphp-and-amazon-appstream-2-0/) — Describes how to configure SAML 2.0 federation for AppStream 2.0 using SimpleSAMLphp. -OneLogin Single Sign-On (SSO) | [OneLogin SSO with Amazon AppStream 2.0](https://aws.amazon.com/blogs/desktop-and-application-streaming/onelogin-sso-with-amazon-appstream-2-0/) — Describes how to configure federated user access for AppStream 2.0 using OneLogin SSO. -JumpCloud Single Sign-On (SSO) | [Enable federation with JumpCloud SSO and Amazon AppStream 2.0](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-jumpcloud-sso-and-appstream-2-0/) — Describes how to configure federated user access for AppStream 2.0 using JumpCloud SSO. -BIO-key PortalGuard | [Enable federation with Bio-key PortalGuard and Amazon AppStream 2.0](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-bio-key-portalguard-and-amazon-appstream-2-0/) — Describes how to configure BIO-key PortalGuard for federated logins to AppStream 2.0. +AWS IAM Identity Center | [ Enable federation with IAM Identity Center and Amazon WorkSpaces Applications ](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-aws-single-sign-on-and-amazon-appstream-2-0/) — Describes how to use IAM Identity Center to federate user access to your WorkSpaces Applications applications with their existing enterprise credentials. +Active Directory Federation Services (AD FS) for Windows Server | [AppStream](https://gg4l.com/product/appstream/) on the GG4L website — Describes how to provide users with SSO access to WorkSpaces Applications by using their existing enterprise credentials. You can configure federated identities for WorkSpaces Applications by using AD FS 3.0. +Azure Active Directory (Azure AD) | [Enabling Federation with Azure AD Single Sign-On and Amazon WorkSpaces Applications ](https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-azure-ad-single-sign-on-and-amazon-appstream-2-0/) — Describes how to configure federated user access for Amazon WorkSpaces Applications by using Azure AD SSO for enterprise applications. +GG4L School Passport™ | [Enabling Identity Federation with GG4L’s School Passport™ and Amazon WorkSpaces Applications ](https://sso.gg4l.com/docs/#/appstream) — Describes how to configure GG4L’s School Passport™ to federate login to WorkSpaces Applications. +Google | [Setting up G Suite SAML 2.0 federation with Amazon WorkSpaces Applications](https://aws.amazon.com/blogs/desktop-and-application-streaming/setting-up-g-suite-saml-2-0-federation-with-amazon-appstream-2-0/) — Describes how to use the G Suite Admin console to set up SAML federation to WorkSpaces Applications for users in G Suite domains. +Okta | [How to Configure SAML 2.0 for Amazon WorkSpaces Applications](http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-AppStream-2-0.html) — Describes how to use Okta to set up SAML federation to WorkSpaces Applications. For stacks that are joined to a domain, the "Application username format" must be set to "AD user principal name". +Ping Identity | [Configuring an SSO connection to Amazon WorkSpaces Applications](https://support.pingidentity.com/s/article/Configuring-an-SSO-connection-to-Amazon-AppStream-2-0) — Describes how to set up single sign-on (SSO) to WorkSpaces Applications. +Shibboleth | [Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth](https://aws.amazon.com/blogs/security/new-whitepaper-single-sign-on-integrating-aws-openldap-and-shibboleth/) — Describes how to set up the initial federation between the Shibboleth IdP and the AWS Management Console. You must complete the following additional steps to enable federation to WorkSpaces Applications. Step 4 of the AWS Security whitepaper describes how to create IAM roles that define the permissions that federated users have to the AWS Management Console. After you create these roles and embed the inline policy as described in the whitepaper, modify this policy so that it provides federated users with permissions to access only an WorkSpaces Applications stack. To do this, replace the existing policy with the policy noted in _Step 3: Embed an Inline Policy for the IAM Role_ , in [Setting Up SAML](./external-identity-providers-setting-up-saml.html).When you add the stack relay state URL as described in _Step 6: Configure the Relay State of Your Federation_ , in [Setting Up SAML](./external-identity-providers-setting-up-saml.html), add the relay state parameter to the federation URL as a target request attribute. The URL must be encoded. For information about configuring relay state parameters, see the [SAML 2.0](https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration#UnsolicitedSSOConfiguration-SAML2.0) section in the Shibboleth documentation.For more information, see [Enabling Identity Federation with Shibboleth and Amazon WorkSpaces Applications](https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-identity-federation-with-shibboleth-and-amazon-appstream-2-0/). +VMware WorkSpace ONE | [Federating Access to Amazon WorkSpaces Applications from VMware Workspace ONE ](https://aws.amazon.com/blogs/desktop-and-application-streaming/federating-access-to-amazon-appstream-2-0-from-vmware-workspace-one/) — Describes how to use the VMware Workspace ONE platform to federate user access to your WorkSpaces Applications applications. +SimpleSAMLphp | [Enabling Federation with SimpleSAMLphp and Amazon WorkSpaces Applications ](https://aws.amazon.com/blogs/desktop-and-application-streaming/enabling-federation-with-simplesamlphp-and-amazon-appstream-2-0/) — Describes how to configure SAML 2.0 federation for WorkSpaces Applications using SimpleSAMLphp. +OneLogin Single Sign-On (SSO) | [OneLogin SSO with Amazon WorkSpaces Applications](https://aws.amazon.com/blogs/desktop-and-application-streaming/onelogin-sso-with-amazon-appstream-2-0/) — Describes how to configure federated user access for WorkSpaces Applications using OneLogin SSO. +JumpCloud Single Sign-On (SSO) | [Enable federation with JumpCloud SSO and Amazon WorkSpaces Applications](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-jumpcloud-sso-and-appstream-2-0/) — Describes how to configure federated user access for WorkSpaces Applications using JumpCloud SSO. +BIO-key PortalGuard | [Enable federation with Bio-key PortalGuard and Amazon AppStream 2.0](https://aws.amazon.com/blogs/desktop-and-application-streaming/enable-federation-with-bio-key-portalguard-and-amazon-appstream-2-0/) — Describes how to configure BIO-key PortalGuard for federated logins to WorkSpaces Applications.