SAML.to
Developer Friendly
AWS Role Assumption
Replace Okta, JumpCloud, AWS SSO,
or home-grown scripts to assume AWS roles.
Command Line Interface
Use the saml-to
CLI assume roles on developer systems.
Run in the terminal:
saml-to login github
$(saml-to assume [a-role-name-or-arn] --headless)
aws ec2 reboot-instances ...
GitHub Actions
Use the assume-aws-role-action
to assume roles during CI/CD.
Within a GitHub Action:
steps:
- uses: saml-to/assume-aws-role-action@v1
with:
role: a-role-name-or-arn
- run: aws ecs deploy ...
GitHub Codespaces
Use the assume-aws-role
to assume roles in Codesapces.
In devcontainer.json:
"features": {
"ghcr.io/saml-to/devcontainer-features/assume-aws-role:1": {
"role": "a-role-name-or-arn"
},
}
Other Ways to Use SAML.to
Declarative Access Control Lists
Service Providers and Permissions as configuration.
Checked into a GitHub repository.
Auditable Access Control
Review, Approve, and Audit using standard GitHub practices.
Only administrators need access to the Repository & Configuration.
Command Line Interface
Logins and credential generation from the console.
Web- and console-based role assumption is available as well!
Pricing
Free
1,000
Role Assumptions per monthUnlimited Users
Unlimited AWS Accounts
Assume via Web
Assume via CLI
Roles for Repositories
Assume in GitHub Actions
Access Control as Code
Weekly Email Reports
Premium
$5 per active user
per month+ Everything in Free Tier
Unlimited Role Assumptions
GitHub Teams
Access Requests/Grants
Audit Logs
Usage Reports
2-Factor Authentication
Email Notifications
Webhooks
API Access
BYO Certificate
Enterprise
Contact Us for Pricing
+ Everything in Premium Tier
Dedicated SSO Tenant
Self-Hosted or SaaS
Custom PKI Support
Additional Identity Providers