Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AD FS credentials

PDF
RSS
Focus mode
AD FS credentials - Amazon Athena
Credentials providerUserPasswordADFS host nameADFS port numberADFS relying partyADFS WIA enabledPreferred roleRole session durationLake Formation enabled

A SAML-based authentication mechanism that enables authentication to Athena using Microsoft Active Directory Federation Services (AD FS). This method assumes that the user has already set up a federation between Athena and AD FS.

Credentials provider

The credentials provider that will be used to authenticate requests to AWS. Set the value of this parameter to ADFS.

Parameter name Alias Parameter type Default value Value to use
CredentialsProvider AWSCredentialsProviderClass (deprecated) Required none ADFS

User

The email address of the AD FS user to use for authentication with AD FS.

Parameter name Alias Parameter type Default value
User UID (deprecated) Required for form-based authentication. Optional for Windows Integrated Authentication. none

Password

The password for the AD FS user.

Parameter name Alias Parameter type Default value
Password PWD (deprecated) Required for form-based authentication. Optional for Windows Integrated Authentication. none

ADFS host name

The address for your AD FS server.

Parameter name Alias Parameter type Default value
AdfsHostName IdP_Host (deprecated) Required none

ADFS port number

The port number to use to connect to your AD FS server.

Parameter name Alias Parameter type Default value
AdfsPortNumber IdP_Port (deprecated) Required none

ADFS relying party

The trusted relying party. Use this parameter to override the AD FS relying party endpoint URL.

Parameter name Alias Parameter type Default value
AdfsRelyingParty LoginToRP (deprecated) Optional urn:amazon:webservices

ADFS WIA enabled

Boolean. Use this parameter to enable Windows Integrated Authentication (WIA) with AD FS.

Parameter name Alias Parameter type Default value
AdfsWiaEnabled none Optional FALSE

Preferred role

The Amazon Resource Name (ARN) of the role to assume. For information about ARN roles, see AssumeRole in the AWS Security Token Service API Reference.

Parameter name Alias Parameter type Default value
PreferredRole preferred_role (deprecated) Optional none

Role session duration

The duration, in seconds, of the role session. For more information, see AssumeRole in the AWS Security Token Service API Reference.

Parameter name Alias Parameter type Default value
RoleSessionDuration Duration (deprecated) Optional 3600

Lake Formation enabled

Specifies whether to use the AssumeDecoratedRoleWithSAML Lake Formation API action to retrieve temporary IAM credentials instead of the AssumeRoleWithSAML AWS STS API action.

Parameter name Alias Parameter type Default value
LakeFormationEnabled none Optional FALSE

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.