AWS – Certificate-Based Authentication is now available on Amazon AppStream 2.0 multi-session fleets

Amazon AppStream 2.0 improves the end-user experience by adding support for certificate-based authentication (CBA) on multi-session fleets running the Microsoft Windows operating system and joined to an Active Directory. This functionality helps administrators to leverage the cost benefits of the multi-session model while providing an enhanced end-user experience. By combining these enhancements with the existing advantages of multi-session fleets, AppStream 2.0 offers a solution that helps balance cost-efficiency and user satisfaction.

By using certificate-based authentication, you can rely on the security and logon experience features of your SAML 2.0 identity provider, such as passwordless authentication, to access AppStream 2.0 resources. Certificate-based authentication with AppStream 2.0 enables a single sign-on logon experience to access domain-joined desktop and application streaming sessions without separate password prompts for Active Directory.

This feature is available at no additional cost in all the AWS Regions where Amazon AppStream 2.0 is available. AppStream 2.0 offers pay-as-you go pricing. To get started with AppStream 2.0, see Getting Started with Amazon AppStream 2.0.

To enable this feature for your users, you must use an AppStream 2.0 image that uses AppStream 2.0 agent released on or after February 7, 2025 or your image is using Managed AppStream 2.0 image updates released on or after February 11, 2025.
 

Read More for the details.