Amazon AppStream 2.0 now provides application entitlements for SAML 2.0 federated user identities

Starting today, you can control access to specific applications within your Amazon AppStream 2.0 stacks based on SAML 2.0 attribute assertions. In addition, your SAML 2.0 federated user identities can access multiple AppStream 2.0 stacks from a single SAML 2.0 service provider (SP) application. Previously, each stack required a separate service provider application configured in your SAML 2.0 identity provider (IdP). These features will allow you to streamline access control to your AppStream stacks and reduce the number of fleets and images that need to be maintained due to application access restrictions. For example, from a single SAML 2.0 SP application in your IdP relaying to a single AppStream 2.0 stack, you can entitle users belonging to one group to one set of applications, and another group to a different set of applications.

Source:: Amazon AWS