Configure the SAML2 Web App addon for Amazon Web Services (AWS) for an application.
  1. Go to Dashboard > Applications > Applications and either create a new application or click the name of an application to update.
  2. Go to the Addons tab and enable the SAML2 Web App toggle.
  3. On the Settings tab, set the Application Callback URL to: https://signin.aws.amazon.com/saml.
    Dashboard Applications Applications Addons Tab SAML2 Web App Settings Tab
  4. Paste the following code into the Settings text box and click Debug. Be sure to replace the AWS_SSO_ISSUER_URL and AWS_SSO_ACS_URL placeholders with values you copied from AWS.
    {
      "audience": "AWS_SSO_ISSUER_URL",
      "destination": "AWS_SSO_ACS_URL",
      "mappings": {
        "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
        "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
      },
      "createUpnClaim": false,
      "passthroughClaimsWithNoMapping": false,
      "mapUnknownClaimsAsIs": false,
      "mapIdentities": false,
      "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
      "nameIdentifierProbes": [
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
      ]
    }
    
5. Scroll to the bottom of the page and click **Enable**.
6. On the **Usage** tab, locate **Identity Provider Metadata**, and click **Download** to download the metadata file. You'll need this when you configure Auth0 as the identity provider.

   <Frame>![Dashboard Applications Applications Addons Tab SAML2 Web App Usage Tab](https://images.ctfassets.net/cdy7uua7fh8z/3T90BDpyTXFUWDp1JkncBU/86bdba6bed8130b34b42b25c9bf2d232/dashboard-applications-applications-addons-saml2-web-app-usage.png)</Frame>

To learn how to configure AWS for <Tooltip tip="Single Sign-On (SSO): Service that, after a user logs into one applicaton, automatically logs that user in to other applications.">SSO</Tooltip>, read [Configure Amazon Web Services for Single Sign-On](/docs/customize/integrations/aws/configure-amazon-web-services-for-sso).

## Learn more

* [Use Amazon Web Services Session Tags for Role-Based Access Control](/docs/customize/integrations/aws/session-tags)
* [Configure Amazon Web Services for Single Sign-On](/docs/customize/integrations/aws/configure-amazon-web-services-for-sso)