SAML.to

Developer Friendly

AWS Role Assumption

Replace Okta, JumpCloud, AWS SSO,
or home-grown scripts to assume AWS roles.

Command Line Interface

Use the saml-to CLI assume roles on developer systems.

Run in the terminal:
saml-to login github

$(saml-to assume [a-role-name-or-arn] --headless)

aws ec2 reboot-instances ...
GitHub Actions

Use the assume-aws-role-action to assume roles during CI/CD.

Within a GitHub Action:
steps:
- uses: saml-to/assume-aws-role-action@v1
  with:
    role: a-role-name-or-arn
- run: aws ecs deploy ...
GitHub Codespaces

Use the assume-aws-role to assume roles in Codesapces.

In devcontainer.json:
"features": {
  "ghcr.io/saml-to/devcontainer-features/assume-aws-role:1": {
    "role": "a-role-name-or-arn"
  },
}

Other Ways to Use SAML.to

Declarative Access Control Lists

Service Providers and Permissions as configuration.

Checked into a GitHub repository.

Auditable Access Control

Review, Approve, and Audit using standard GitHub practices.

Only administrators need access to the Repository & Configuration.

Command Line Interface

Logins and credential generation from the console.

Web- and console-based role assumption is available as well!


Pricing

Free

1,000
Role Assumptions per month
Unlimited Users
Unlimited AWS Accounts
Assume via Web
Assume via CLI
Roles for Repositories
Assume in GitHub Actions
Access Control as Code
Weekly Email Reports

Premium

$5 per active user
per month
+ Everything in Free Tier
Unlimited Role Assumptions
GitHub Teams
Access Requests/Grants
Audit Logs
Usage Reports
2-Factor Authentication
Email Notifications
Webhooks
API Access
BYO Certificate

Enterprise

 
Contact Us for Pricing
+ Everything in Premium Tier
Dedicated SSO Tenant
Self-Hosted or SaaS
Custom PKI Support
Additional Identity Providers