How to use SAML authentication with AzureAD for Amazon OpenSearch Service and OpenSearch Serverless
In this blog post, I will show you how to use SAML authentication with AzureAD for Amazon OpenSearch Service and OpenSearch Serverless. SAML authentication lets you use your existing identity provider to offer single sign-on (SSO) for OpenSearch Dashboards, which is a visualization tool for analyzing your search results. You can also use data access policies to restrict the search results to only the indexes that the requester has permission to access.
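As an added example (not from this post), the following OpenSearch Serverless data access policy shows what "restrict the search results to only the indexes that the requester has permission to access" looks like in practice. It grants a single AzureAD group read-only access to one index prefix in one collection, rather than the wildcard `index/*/*` grant that is easy to copy from quick-start snippets. The collection name `app-logs`, the SAML provider name `azuread-saml`, the group name `log-analysts`, and the account ID `111122223333` are all placeholder assumptions; substitute your own values.

```json
[
  {
    "Description": "Read-only access for the AzureAD log-analysts group, scoped to the logs-* indexes only",
    "Rules": [
      {
        "ResourceType": "collection",
        "Resource": [
          "collection/app-logs"
        ],
        "Permission": [
          "aoss:DescribeCollectionItems"
        ]
      },
      {
        "ResourceType": "index",
        "Resource": [
          "index/app-logs/logs-*"
        ],
        "Permission": [
          "aoss:DescribeIndex",
          "aoss:ReadDocument"
        ]
      }
    ],
    "Principal": [
      "saml/111122223333/azuread-saml/group/log-analysts"
    ]
  }
]
```

The principal string follows the `saml/<account-id>/<provider-name>/group/<group-name>` form, so the group name must match the value AzureAD sends in the group attribute of the SAML assertion exactly (case included). Because no write permissions (`aoss:WriteDocument`, `aoss:CreateIndex`, `aoss:DeleteIndex`, `aoss:UpdateIndex`) are listed, members of this group can search and visualize `logs-*` in OpenSearch Dashboards but cannot modify or remove data, and any index outside that prefix is invisible to them. A quick check after deploying is to sign in as a member of the group and confirm that only the `logs-*` indexes appear in the Dashboards index list.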
Prerequisites
To follow this tutorial, you need the following:
- An AWS account with permissions to create and manage OpenSearch Service domains or OpenSearch Serverless collections.
- An AzureAD account with permissions to create and manage enterprise applications.
- A domain or collection running OpenSearch version 2.x or later with fine-grained access control enabled.
- A dataset that you want to index and search using OpenSearch.
Step 1: Create a SAML provider in AzureAD
The first step is to create a SAML provider in AzureAD that will act as the identity provider (IdP) for your domain or collection. To do this, follow…