This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::OpenSearchService::Domain SAMLOptions Container for information about the SAML configuration for OpenSearch Dashboards. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Enabled](#cfn-opensearchservice-domain-samloptions-enabled)" : {{Boolean}}, "[Idp](#cfn-opensearchservice-domain-samloptions-idp)" : {{Idp}}, "[MasterBackendRole](#cfn-opensearchservice-domain-samloptions-masterbackendrole)" : {{String}}, "[MasterUserName](#cfn-opensearchservice-domain-samloptions-masterusername)" : {{String}}, "[RolesKey](#cfn-opensearchservice-domain-samloptions-roleskey)" : {{String}}, "[SessionTimeoutMinutes](#cfn-opensearchservice-domain-samloptions-sessiontimeoutminutes)" : {{Integer}}, "[SubjectKey](#cfn-opensearchservice-domain-samloptions-subjectkey)" : {{String}} } ``` ### YAML ``` [Enabled](#cfn-opensearchservice-domain-samloptions-enabled): {{Boolean}} [Idp](#cfn-opensearchservice-domain-samloptions-idp): {{ Idp}} [MasterBackendRole](#cfn-opensearchservice-domain-samloptions-masterbackendrole): {{String}} [MasterUserName](#cfn-opensearchservice-domain-samloptions-masterusername): {{String}} [RolesKey](#cfn-opensearchservice-domain-samloptions-roleskey): {{String}} [SessionTimeoutMinutes](#cfn-opensearchservice-domain-samloptions-sessiontimeoutminutes): {{Integer}} [SubjectKey](#cfn-opensearchservice-domain-samloptions-subjectkey): {{String}} ``` ## Properties `Enabled` True to enable SAML authentication for a domain. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Idp` The SAML Identity Provider's information. *Required*: No *Type*: [Idp](aws-properties-opensearchservice-domain-idp.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterBackendRole` The backend role that the SAML master user is mapped to. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MasterUserName` The SAML master user name, which is stored in the domain's internal user database. *Required*: No *Type*: String *Pattern*: `.*` *Minimum*: `1` *Maximum*: `64` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RolesKey` Element of the SAML assertion to use for backend roles. Default is `roles`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SessionTimeoutMinutes` The duration, in minutes, after which a user session becomes inactive. Acceptable values are between 1 and 1440, and the default value is 60. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubjectKey` Element of the SAML assertion to use for the user name. Default is `NameID`. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)