Update values in AWS Secrets Manager

You must sign the SAML requests and responses with SAML certificates to establish trust and verify authenticity. The certificate is created when you create the SAML 2.0 custom application. You will need to configure the solution application with the public key of this certificate.

From your AWS console, navigate to AWS Secrets Manager.
From the list of secrets, choose the secret named /Sandboxstudio/<NAMESPACE>/Auth/IDPCert
On the secret details page, on the Overview tab, in the Secret value section, choose Retrieve secret value and choose Edit.
Select Plaintext.
Copy the value of the IAM Identity Center certificate file (.pem) you downloaded. For more information, refer to the Save application configuration values Certificate section.
Paste it into the secrets manager secret Plaintext and select Save. This will ensure that the application can use SAML authentication.

Note: The Sandbox Studio on AWS solution is now ready for use. You can log into the web UI and start using the solution.

Overview

Features and Benefits

Use cases

Concepts and definitions

Solution Architecture

AWS Well-Architected design considerations

AWS services in this solution

Account Cleaner components

Account lifecycle - TBCompleted

Supported AWS Regions

Running Costs

Security

Quotas

Choosing the deployment accounts

Prerequisites

AWS CloudFormation templates

Prepare to Launch the Stack

Step 1: Deploy the AccountPool stack

Step 2: Deploy the IDC stack

Step 3: Deploy the Data stack

Step 4: Deploy the Compute stack

Step 5: ?????

Create a SAML 2.0 application

Map application attributes

Assign groups to your application

Assign users to groups

Update configuration using AWS AppConfig

Update values in AWS Secrets Manager

Logging into the web UI

User Guide

Manager Guide

Administrator Guide

Monitoring the solution

Software Licence

Investigating accounts in Quarantine state

Resolving clean-up failures

End leases and eject accounts

Uninstall solution stacks

Resources retained after deletion

Delete the custom application in IAM Identity Center

Revision 1.0 - 18/07/2025

Sandbox Studio Terms and Conditions

Running the wizard

Prerequisite #1: AWS Organizations

Prerequisite #2: Service Control Policies (SCPs)

Prerequisite #3: IAM Identity Center

Prerequisite #4: Resource Access Manager

Prerequisite #5: Cloudformation Stacksets

Prerequisite #6: Cost Explorer

Prerequisite #7: IAM Identity Center Custom SAML Application

Prerequisite #8: Lambda Concurrency Limit

Prerequisite #9: Simple Email Service

Update values in AWS Secrets Manager