Log in to AWS Management Console with your organization management credentials.
Open AWS SSO Console.
Select Enable AWS SSO.
If you have not yet created AWS Organizations, a prompt to create an organization appears.
Click Go to Settings.
Under Identity source section, click Actions > Change identity source.
Select External Identity Provider and click Next.
Click Download metadata file and save the file for further use.
The AWS SSO SAML metadata file must be uploaded in Advanced Authentication that serves as the external identity provider.
Under Identity provider metadata, click Choose file, and select the metadata file that you downloaded from Advanced Authentication Step 3.
Click Next.
Specify ACCEPT to confirm the change and click Change identity source.