
AWS::WorkSpacesWeb::IdentityProvider


This resource specifies an identity provider that is then associated with a web portal. This resource is not required if your portal's AuthenticationType is IAM Identity Center.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

    {
      "Type" : "AWS::WorkSpacesWeb::IdentityProvider",
      "Properties" : {
          "IdentityProviderDetails" : {Key: Value, ...},
          "IdentityProviderName" : String,
          "IdentityProviderType" : String,
          "PortalArn" : String,
          "Tags" : [ Tag, ... ]
        }
    }

YAML

    Type: AWS::WorkSpacesWeb::IdentityProvider
    Properties:
      IdentityProviderDetails:
        Key: Value
      IdentityProviderName: String
      IdentityProviderType: String
      PortalArn: String
      Tags:
        - Tag

Properties

IdentityProviderDetails

The identity provider details. The following list describes the provider detail keys for each identity provider type.

  • For Google and Login with Amazon:

    • client_id

    • client_secret

    • authorize_scopes

  • For Facebook:

    • client_id

    • client_secret

    • authorize_scopes

    • api_version

  • For Sign in with Apple:

    • client_id

    • team_id

    • key_id

    • private_key

    • authorize_scopes

  • For OIDC providers:

    • client_id

    • client_secret

    • attributes_request_method

    • oidc_issuer

    • authorize_scopes

    • authorize_url if not available from discovery URL specified by oidc_issuer key

    • token_url if not available from discovery URL specified by oidc_issuer key

    • attributes_url if not available from discovery URL specified by oidc_issuer key

    • jwks_uri if not available from discovery URL specified by oidc_issuer key

  • For SAML providers:

    • MetadataFile OR MetadataURL

    • IDPSignout (boolean) optional

    • IDPInit (boolean) optional

    • RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256

    • EncryptedResponses (boolean) optional

Required: Yes

Type: Object of String

Pattern: ^[\s\S]*$

Minimum: 0

Maximum: 131072

Update requires: No interruption
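
The following pre-deployment check is an added example, not code from AWS or from this page. It lints a JSON template against the IdentityProviderDetails key list above and the IdentityProviderType allowed values. It assumes that every key not marked optional or conditional is required, and that client_secret and private_key should be CloudFormation dynamic references rather than literals; the function names and sample template are constructed.

```python
import json

# Keys come from the IdentityProviderDetails list on this page. Assumptions of this
# example: unmarked keys are required, and literal secrets are rejected by policy.
BASE = {"client_id", "client_secret", "authorize_scopes"}
REQUIRED = {
    "Google": BASE, "LoginWithAmazon": BASE, "Facebook": BASE | {"api_version"},
    "SignInWithApple": {"client_id", "team_id", "key_id", "private_key", "authorize_scopes"},
    "OIDC": BASE | {"attributes_request_method", "oidc_issuer"},
    "SAML": set(),  # needs MetadataFile OR MetadataURL, checked separately
}
SECRET_KEYS = {"client_secret", "private_key"}

def lint_identity_provider(name, props):
    """Return findings for one AWS::WorkSpacesWeb::IdentityProvider resource."""
    idp_type = props.get("IdentityProviderType")
    details = props.get("IdentityProviderDetails") or {}
    keys = set(details)
    if idp_type not in REQUIRED:
        return [f"{name}: IdentityProviderType {idp_type!r} is not an allowed value"]
    findings = [f"{name}: missing {k}" for k in sorted(REQUIRED[idp_type] - keys)]
    if idp_type == "SAML":
        if not {"MetadataFile", "MetadataURL"} & keys:
            findings.append(f"{name}: missing MetadataFile or MetadataURL")
        if details.get("RequestSigningAlgorithm", "rsa-sha256") != "rsa-sha256":
            findings.append(f"{name}: RequestSigningAlgorithm must be rsa-sha256")
    for key in sorted(SECRET_KEYS & keys):
        # A plain string that is not a {{resolve:...}} dynamic reference means the
        # secret sits in the template; intrinsic functions (dicts) are not judged.
        if isinstance(details[key], str) and not details[key].startswith("{{resolve:"):
            findings.append(f"{name}: {key} is a literal in the template")
    return findings

def lint_template(template_text):
    """Lint every identity provider resource in a JSON CloudFormation template."""
    resources = json.loads(template_text).get("Resources", {})
    return [f for name, res in resources.items()
            if res.get("Type") == "AWS::WorkSpacesWeb::IdentityProvider"
            for f in lint_identity_provider(name, res.get("Properties", {}))]

# Constructed sample template: names, URLs and secret values are made up.
SAMPLE = json.dumps({"Resources": {
    "OidcIdp": {"Type": "AWS::WorkSpacesWeb::IdentityProvider", "Properties": {
        "IdentityProviderType": "OIDC", "IdentityProviderDetails": {
            "client_id": "example-client", "client_secret": "hunter2-example",
            "attributes_request_method": "GET", "authorize_scopes": "openid email"}}},
    "SamlIdp": {"Type": "AWS::WorkSpacesWeb::IdentityProvider", "Properties": {
        "IdentityProviderType": "SAML", "IdentityProviderDetails": {
            "MetadataURL": "https://idp.example.com/metadata",
            "RequestSigningAlgorithm": "rsa-sha1"}}}}})
```

Calling lint_template(SAMPLE) reports the missing oidc_issuer, the literal client_secret, and the rejected signing algorithm.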

IdentityProviderName

The identity provider name.

Required: Yes

Type: String

Pattern: ^[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+$

Minimum: 1

Maximum: 32

Update requires: No interruption

IdentityProviderType

The identity provider type.

Required: Yes

Type: String

Allowed values: SAML | Facebook | Google | LoginWithAmazon | SignInWithApple | OIDC

Update requires: No interruption

PortalArn

The ARN of the identity provider.

Required: No

Type: String

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36})+$

Minimum: 20

Maximum: 2048

Update requires: Replacement

Tags

Property description not available.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 200

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource's Amazon Resource Name (ARN).

For more information about using the Ref function, see Ref.

Fn::GetAtt

IdentityProviderArn

The ARN of the identity provider.

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.