Amazon AppStream 2.0 can now launch IdP-initiated sessions using the Windows client

Amazon AppStream 2.0 now supports launching the client application for Windows from an Identity Provider (IdP)-initiated SAML 2.0 sign-in flow. This feature allows your end users to sign in to SAML 2.0 IdPs using their system's default web browser before transitioning into the streaming session in the Windows client. Because users sign in to the client application through their browser, they no longer need to re-authenticate as long as the SAML 2.0 session in the browser remains valid, which greatly simplifies their overall experience. Using the browser for authentication also lets you enforce additional access policies, such as conditional access provided by your IdPs, before your users start streaming in the client.

The feature is now available in all the regions where AppStream 2.0 is offered. To use the feature, make sure that your AppStream 2.0 client application for Windows is version 1.1.1300 or later. You also need to use the new regional relay state endpoints to configure your SAML 2.0 federation. To learn more about the feature and the configurations, review Setting Up SAML in the [AppStream 2.0 Administration Guide](https://docs.aws.amazon.com/appstream2/latest/developerguide/external-identity-providers-setting-up-saml.html).