Configure SSO for Amazon Connect integration

  • Release version: Australia
  • Updated May 11, 2026
  • 2 minutes to read

    • Configure Single Sign-On (SSO) between Amazon Connect and ServiceNow so that agents authenticated through a shared identity provider (IdP) are automatically signed into the Amazon Connect Softphone without a second login.

    Before you begin

    Before starting, verify the following:

    • Amazon Connect instances must be configured with SAML 2.0 authentication during provisioning to ensure the SSO integration is working as expected.

      Configure Amazon Connect instances using SAML 2.0 authentication

    • You have administrator access to your ServiceNow instance, your IdP, and your Amazon Connect instance.
    • The Integration: Multiple Provider Single Sign-On Installer plugin (com.snc.integration.sso.multi.installer) is activated (verify: use 'installed' if this is a Store app) in your ServiceNow instance.
    • User identities (email addresses or usernames) are consistent across ServiceNow, the IdP, and Amazon Connect. A mismatch causes SSO to fail.

    Role required: admin

    About this task

    This task covers the three configuration areas required to enable SSO between ServiceNow and Amazon Connect. The steps use Okta as the example IdP. For other supported IdPs, see the AWS documentation for configuring SAML 2.0 federation with Amazon Connect.

    Procedure

    1. Configure SSO in ServiceNow.

      Configure your ServiceNow instance to authenticate users through your IdP using SAML 2.0. This establishes the authenticated session that SSO for Amazon Connect builds on, so agents can sign in using their IdP credentials and create a persistent IdP session reused for Amazon Connect authentication.

      For more information about Okta Single Sign-On (SSO) configuration for a ServiceNow instance, see the How to configure Okta Single Sign-On (SSO) for a ServiceNow instance [KB0777770} article in the HI Knowledge Base.

    2. Configure SSO for Amazon Connect in the IdP, such as Okta.

      Configure Amazon Connect in the same IdP to accept SAML-based authentication. This involves creating the SAML supported AWS application such as AWS Account Federation, and the IdP such as Okta, configuring the required IAM identity provider and role in AWS, and linking the two together. At the end of this step, Okta generates an IdP-initiated SAML 2.0 SSO URL for the Amazon Connect application.

      For detailed steps using Okta as the IdP, see the Configure Single Sign-On for Amazon Connect Using Okta.

    3. Add the SSO Login URL to the Amazon Connect instance record in ServiceNow.

      Enter the IdP-initiated SAML SSO URL, retrieved at the end of the preceding step, into the Amazon Connect instance configuration record. ServiceNow passes this URL to Amazon Connect which then initiates the SAML 2.0 authentication and on completion from the IdP, loads the Amazon Connect Softphone without any agent interaction.

      The SSO Login URL format for the IdP, such as Okta is as follows:

      https://<your-okta-domain>/app/<app-name>/<app-id>/sso/saml?RelayState=<relay-state-url>

      In this URL:

      • <your-okta-domain> is your Okta tenant domain (for example, trial-6019050.okta.com).
      • <app-name> is the application name generated by Okta.
      • <app-id> is the Okta application ID for the Amazon Web Services SAML app.
      • <relay-state-url> is the AWS federation URL that redirects to your Amazon Connect instance (for example, https://us-east-1.console.aws.amazon.com/connect/federate/<instance-id>?destination=%2Fccp-v2).
      1. Navigate to the Amazon Connect instance configuration record in ServiceNow.
      2. In the SSO Login URL field, enter the IdP-initiated SAML SSO URL.

        Enter the full IdP-initiated SAML SSO URL retrieved at the end of the preceding step. The IdP also provides an embeddable link which offers the same functionality.

        Amazon Connect instance configuration in ServiceNow

      3. Save the record.

      For more information about Single Sign-On (SSO) configuration for ServiceNow Voice, see the Single Sign-On configuration for ServiceNow Voice with Amazon Connect [KB3025173] article in the HI Knowledge Base.

    Result

    After configuration, agents who are authenticated in ServiceNow through the shared IdP are automatically signed into Amazon Connect when they open the softphone. No second login is required.