2026/04/30 - AWS Single Sign-On Admin - 3 updated api methods
Changes: Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API
{'IdentityStoreArn': 'string', 'InstanceArn': 'string'}
Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider.
See also: AWS API Documentation
Request Syntax
client.create_application(
InstanceArn='string',
ApplicationProviderArn='string',
Name='string',
Description='string',
PortalOptions={
'SignInOptions': {
'Origin': 'IDENTITY_CENTER'|'APPLICATION',
'ApplicationUrl': 'string'
},
'Visibility': 'ENABLED'|'DISABLED'
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
Status='ENABLED'|'DISABLED',
ClientToken='string'
)
InstanceArn (string) -- [REQUIRED]
The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
ApplicationProviderArn (string) -- [REQUIRED]
The ARN of the application provider under which the operation will run.
Name (string) -- [REQUIRED]
The name of the .
Description (string) --
The description of the .
PortalOptions (dict) --
A structure that describes the options for the portal associated with an application.
SignInOptions (dict) --
A structure that describes the sign-in options for the access portal.
Origin (string) -- [REQUIRED]
This determines how IAM Identity Center navigates the user to the target application. It can be one of the following values:
APPLICATION: IAM Identity Center redirects the customer to the configured ApplicationUrl.
IDENTITY_CENTER: IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application.
ApplicationUrl (string) --
The URL that accepts authentication requests for an application. This is a required parameter if the Origin parameter is APPLICATION.
Visibility (string) --
Indicates whether this application is visible in the access portal.
Tags (list) --
Specifies tags to be attached to the application.
(dict) --
A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that IAM Identity Center creates in Amazon Web Services accounts.
Key (string) -- [REQUIRED]
The key for the tag.
Value (string) -- [REQUIRED]
The value of the tag.
Status (string) --
Specifies whether the application is enabled or disabled.
ClientToken (string) --
Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ApplicationArn': 'string',
'InstanceArn': 'string',
'IdentityStoreArn': 'string'
}
Response Structure
(dict) --
ApplicationArn (string) --
Specifies the ARN of the application.
InstanceArn (string) --
The ARN of the instance of IAM Identity Center under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
IdentityStoreArn (string) --
The ARN of the identity store that is connected to the instance of IAM Identity Center.
{'IdentityStoreArn': 'string'}
Retrieves the details of an application associated with an instance of IAM Identity Center.
See also: AWS API Documentation
Request Syntax
client.describe_application(
ApplicationArn='string'
)
ApplicationArn (string) -- [REQUIRED]
Specifies the ARN of the application. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
dict
Response Syntax
{
'ApplicationArn': 'string',
'ApplicationProviderArn': 'string',
'Name': 'string',
'ApplicationAccount': 'string',
'InstanceArn': 'string',
'IdentityStoreArn': 'string',
'Status': 'ENABLED'|'DISABLED',
'PortalOptions': {
'SignInOptions': {
'Origin': 'IDENTITY_CENTER'|'APPLICATION',
'ApplicationUrl': 'string'
},
'Visibility': 'ENABLED'|'DISABLED'
},
'Description': 'string',
'CreatedDate': datetime(2015, 1, 1),
'CreatedFrom': 'string'
}
Response Structure
(dict) --
ApplicationArn (string) --
Specifies the ARN of the application.
ApplicationProviderArn (string) --
The ARN of the application provider under which the operation will run.
Name (string) --
The application name.
ApplicationAccount (string) --
The account ID.
InstanceArn (string) --
The ARN of the IAM Identity Center application under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
IdentityStoreArn (string) --
The ARN of the identity store that is connected to the instance of IAM Identity Center.
Status (string) --
Specifies whether the application is enabled or disabled.
PortalOptions (dict) --
A structure that describes the options for the portal associated with an application.
SignInOptions (dict) --
A structure that describes the sign-in options for the access portal.
Origin (string) --
This determines how IAM Identity Center navigates the user to the target application. It can be one of the following values:
APPLICATION: IAM Identity Center redirects the customer to the configured ApplicationUrl.
IDENTITY_CENTER: IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application.
ApplicationUrl (string) --
The URL that accepts authentication requests for an application. This is a required parameter if the Origin parameter is APPLICATION.
Visibility (string) --
Indicates whether this application is visible in the access portal.
Description (string) --
The description of the .
CreatedDate (datetime) --
The date the application was created.
CreatedFrom (string) --
The Amazon Web Services Region where the application was created in IAM Identity Center.
{'Applications': {'IdentityStoreArn': 'string'}}
Lists all applications associated with the instance of IAM Identity Center. When listing applications for an organization instance in the management account, member accounts must use the applicationAccount parameter to filter the list to only applications created from that account. When listing applications for an account instance in the same member account, a filter is not required.
See also: AWS API Documentation
Request Syntax
client.list_applications(
InstanceArn='string',
MaxResults=123,
NextToken='string',
Filter={
'ApplicationAccount': 'string',
'ApplicationProvider': 'string'
}
)
InstanceArn (string) -- [REQUIRED]
The ARN of the IAM Identity Center application under which the operation will run. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
MaxResults (integer) --
Specifies the total number of results that you want included in each response. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next set of results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
NextToken (string) --
Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.
Filter (dict) --
Filters response results.
ApplicationAccount (string) --
An Amazon Web Services account ID number that filters the results in the response.
ApplicationProvider (string) --
The ARN of an application provider that can filter the results in the response.
dict
Response Syntax
{
'Applications': [
{
'ApplicationArn': 'string',
'ApplicationProviderArn': 'string',
'Name': 'string',
'ApplicationAccount': 'string',
'InstanceArn': 'string',
'IdentityStoreArn': 'string',
'Status': 'ENABLED'|'DISABLED',
'PortalOptions': {
'SignInOptions': {
'Origin': 'IDENTITY_CENTER'|'APPLICATION',
'ApplicationUrl': 'string'
},
'Visibility': 'ENABLED'|'DISABLED'
},
'Description': 'string',
'CreatedDate': datetime(2015, 1, 1),
'CreatedFrom': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Applications (list) --
Retrieves all applications associated with the instance.
(dict) --
A structure that describes an application that uses IAM Identity Center for access management.
ApplicationArn (string) --
The ARN of the application.
ApplicationProviderArn (string) --
The ARN of the application provider for this application.
Name (string) --
The name of the application.
ApplicationAccount (string) --
The Amazon Web Services account ID number of the application.
InstanceArn (string) --
The ARN of the instance of IAM Identity Center that is configured with this application.
IdentityStoreArn (string) --
The ARN of the identity store that is connected to the instance of IAM Identity Center.
Status (string) --
The current status of the application in this instance of IAM Identity Center.
PortalOptions (dict) --
A structure that describes the options for the access portal associated with this application.
SignInOptions (dict) --
A structure that describes the sign-in options for the access portal.
Origin (string) --
This determines how IAM Identity Center navigates the user to the target application. It can be one of the following values:
APPLICATION: IAM Identity Center redirects the customer to the configured ApplicationUrl.
IDENTITY_CENTER: IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application.
ApplicationUrl (string) --
The URL that accepts authentication requests for an application. This is a required parameter if the Origin parameter is APPLICATION.
Visibility (string) --
Indicates whether this application is visible in the access portal.
Description (string) --
The description of the application.
CreatedDate (datetime) --
The date and time when the application was originally created.
CreatedFrom (string) --
The Amazon Web Services Region where the application was created in IAM Identity Center.
NextToken (string) --
If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.
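An added example, not part of the AWS documentation: an inventory audit that follows NextToken exactly as described above (a short or empty page does not end the listing) and uses the new IdentityStoreArn response field together with PortalOptions to flag entries for review. StubClient, make_app, SAMPLE_PAGES and the ARNs are constructed placeholders, and the https requirement on ApplicationUrl is an assumed local policy, not a service rule.

```python
from urllib.parse import urlparse

def iter_applications(client, instance_arn, page_size=50):
    """Yield every application, following NextToken until it is absent."""
    kwargs = {"InstanceArn": instance_arn, "MaxResults": page_size}
    while True:
        page = client.list_applications(**kwargs)
        # A page may be short or even empty while more remain; only NextToken decides.
        yield from page.get("Applications", [])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]

def audit_applications(client, instance_arn, expected_store_arn):
    """Return (ApplicationArn, reason) pairs; URL check covers ENABLED apps (assumed policy)."""
    findings = []
    for app in iter_applications(client, instance_arn):
        arn = app["ApplicationArn"]
        if app.get("IdentityStoreArn") != expected_store_arn:
            findings.append((arn, "unexpected IdentityStoreArn"))
        sign_in = app.get("PortalOptions", {}).get("SignInOptions", {})
        if app.get("Status") == "ENABLED" and sign_in.get("Origin") == "APPLICATION":
            url = urlparse(sign_in.get("ApplicationUrl") or "")
            if url.scheme != "https" or not url.hostname:
                findings.append((arn, "ApplicationUrl missing or not https"))
    return findings

class StubClient:
    """Constructed stand-in for the sso-admin client; serves canned pages."""
    def __init__(self, pages):
        self.pages = pages
    def list_applications(self, **kwargs):
        index = int(kwargs.get("NextToken", 0))
        page = {"Applications": self.pages[index]}
        if index + 1 < len(self.pages):
            page["NextToken"] = str(index + 1)
        return page

STORE = "arn:aws:identitystore::111122223333:identitystore/d-EXAMPLE"  # placeholder
def make_app(name, url=None, store=STORE, status="ENABLED"):
    origin = "IDENTITY_CENTER" if url is None else "APPLICATION"
    return {"ApplicationArn": f"app/{name}", "IdentityStoreArn": store, "Status": status,
            "PortalOptions": {"SignInOptions": {"Origin": origin, "ApplicationUrl": url}}}

# Constructed pages; the empty middle page still carries a NextToken.
SAMPLE_PAGES = [[make_app("a", "https://a.example.com/login")], [],
                [make_app("b", "http://b.example.com/"), make_app("c", store="arn:other")]]

if __name__ == "__main__":
    print(audit_applications(StubClient(SAMPLE_PAGES), "instance-arn", STORE))
```

Against a real account, pass `boto3.client("sso-admin")` in place of StubClient along with the instance ARN and the identity store ARN you expect.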