# Getting AWS SSO to work with KeePass and Kee

The AWS SSO login page (such as those that come after the custom "acmeco.awsapps.com" domains) tend to be a bit problematic for full integration with Kee/KeePass2/. Here's my working configuration...

- Kee 
    - In the browser, go to the Kee options page 
        - This can be found by clicking the **Kee extension icon**, click the **menu icon**, then click **Options (gear icon)**
    - Under **Finding forms → Include List → Text field ID**, append these options:  
        ```
        ,awsui-input-2,awsui-input-0
        ```
- KeePass 
    - Edit your password entry
    - Go to **Kee → Form fields**
    - Alter the username entry... 
        - Edit the **KeePass username** entry
        - Set the **Id** field to **awsui-input-0** then click **Ok**
    - Create a text-type TOTP entry 
        - Click **Add**
        - Set the **Value** field to **{TOTP}**
        - Set the **Id** field to **awsui-input-2**
        - Set the **KeePass placeholders** option to **Enable** then click **Ok**
    - Create a password-type TOTP entry 
        - Click **Add**
        - Set the **Value** field to **{TOTP}**
        - Set the **Type** to **Password**
        - Set the **Id** field to **awsui-input-2** then click **Ok**
    - Click **OK** to save the password entry  
        <table border="1" style="border-collapse: collapse; width: 100.051%; height: 76.3907px;"><colgroup><col style="width: 99.8645%;"></col></colgroup><thead><tr><td style="background-color: #429fe3;">Information</td></tr></thead><tbody><tr><td>It may seem odd that we are adding both a text and a password type entry. It appears that AWS uses both types depending on the SSO implementation. Using both entries covers both use cases.</td></tr></tbody></table>