Connect / Client / get_federation_token



Supports SAML sign-in for Amazon Connect. Retrieves a token for federation. The token is for the Amazon Connect user which corresponds to the IAM credentials that were used to invoke this action.

For more information about how SAML sign-in works in Amazon Connect, see Configure SAML with IAM for Amazon Connect in the Amazon Connect Administrator Guide.


This API doesn’t support root users. If you try to invoke GetFederationToken with root credentials, an error message similar to the following one appears:

Provided identity: Principal: .... User: .... cannot be used for federation with Amazon Connect

See also: AWS API Documentation

Request Syntax

response = client.get_federation_token(

InstanceId (string) –


The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.

Return type:



Response Syntax

    'Credentials': {
        'AccessToken': 'string',
        'AccessTokenExpiration': datetime(2015, 1, 1),
        'RefreshToken': 'string',
        'RefreshTokenExpiration': datetime(2015, 1, 1)
    'SignInUrl': 'string',
    'UserArn': 'string',
    'UserId': 'string'

Response Structure

  • (dict) –

    • Credentials (dict) –

      The credentials to use for federation.

      • AccessToken (string) –

        An access token generated for a federated user to access Amazon Connect.

      • AccessTokenExpiration (datetime) –

        A token generated with an expiration time for the session a user is logged in to Amazon Connect.

      • RefreshToken (string) –

        Renews a token generated for a user to access the Amazon Connect instance.

      • RefreshTokenExpiration (datetime) –

        Renews the expiration timer for a generated token.

    • SignInUrl (string) –

      The URL to sign into the user’s instance.

    • UserArn (string) –

      The Amazon Resource Name (ARN) of the user.

    • UserId (string) –

      The identifier for the user. This can be the ID or the ARN of the user.


  • Connect.Client.exceptions.InvalidRequestException

  • Connect.Client.exceptions.InvalidParameterException

  • Connect.Client.exceptions.ResourceNotFoundException

  • Connect.Client.exceptions.UserNotFoundException

  • Connect.Client.exceptions.InternalServiceException

  • Connect.Client.exceptions.DuplicateResourceException