AWS Session Token Lifetime in SAML Authentication
May 29, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview
This article discusses the issue where one AWS integration can support Lifetime Duration and while another one does not support Lifetime Duration.
Applies To
- Session Duration
- Amazon Web Services (AWS)
- Secure Assertion Markup Language (SAML)
Cause
That is happening because there are two AWS integrations in the application catalog: one that supports Lifetime Duration (AWS Account Federation) and one that does not via the SAML attribute (AWS IAM Identity Center).
Solution
To have access to the Session Duration option in the Sign On tab of the application, the AWS Account Federation application needs to be integrated, and not the AWS IAM Identity Center.
