diff --git a/create_saml_aws.sh b/create_saml_aws.sh
index 4218083..d0d6e22 100755
--- a/create_saml_aws.sh
+++ b/create_saml_aws.sh
@@ -3,7 +3,7 @@
 [ $# -eq 0 ] && { echo "Usage: $0 name_of_idp "; exit 1; }
 # call to create the saml provider in the AWS accounts
-aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1
+aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1 --profile=$2
 if [ $? -ne 0 ]
 then
 echo "creation failed, read the readme and make sure you have an IAM role to perform this action"
@@ -11,7 +11,7 @@ if [ $? -ne 0 ]
 fi
 # create iam roles that saml users can assume, currently administrator or readonly roles:
-aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
-aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
-aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json
-aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
+aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json --profile=$2
+aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --profile=$2
+aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json --profile=$2
+aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --profile=$2
diff --git a/shibpolicy.json b/shibpolicy.json
index ad889aa..bf9162b 100644
--- a/shibpolicy.json
+++ b/shibpolicy.json
@@ -5,7 +5,7 @@
 "Effect": "Allow",
 "Action": "sts:AssumeRoleWithSAML",
 "Principal": {
- "Federated": "arn:aws:iam::123456789012:saml-provider/login.at.internet2.edu"
+ "Federated": "arn:aws:iam::135656781587:saml-provider/SATOSA"
 },
 "Condition": {
 "StringEquals": {
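Review bot: The usage guard on the first context line, `[ $# -eq 0 ]`, is now out of step with the command below it, which reads a second argument; a call with only the IdP name passes the guard and runs the AWS CLI with `--profile=` expanded to an empty value instead of stopping at the usage message. The guard and its message should require both arguments, e.g. `[ $# -ne 2 ] && { echo "Usage: $0 name_of_idp aws_profile"; exit 1; }`. Both expansions on the added line are unquoted; `--name "$1" --profile="$2"` avoids word-splitting on a profile or provider name containing spaces, and the same unquoted `$2` recurs on the four added lines of the second hunk. The `if [ $? -ne 0 ]` block opened here closes in the next hunk.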
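Review bot: The four added role commands have no status check, unlike `create-saml-provider` just above, so if `create-role` fails for the administrator role the matching `attach-role-policy` still runs and the script exits 0. There is also a consistency gap this commit widens: the target account (`--profile=$2`) and the provider name (`--name $1`) now vary per invocation, but the trust document passed as `file://shibpolicy.json` names one fixed account and the provider `SATOSA` (see the second file in this diff), so for any other profile or name the roles are created trusting a provider this run did not create. Generating the trust document from the caller's account and `$1` at run time, and failing fast on each step, would keep the two in agreement.
```shell
# … unchanged: usage check and create-saml-provider …
account=$(aws sts get-caller-identity --query Account --output text --profile="$2") || exit 1
policy=$(mktemp) || exit 1
trap 'rm -f -- "$policy"' EXIT
# trust the provider created above in this account, not a fixed ARN in the checked-in file
sed "s#arn:aws:iam::[0-9]*:saml-provider/[^\"]*#arn:aws:iam::${account}:saml-provider/$1#" shibpolicy.json > "$policy"
for role in administrator readonly; do
  aws iam create-role --role-name "$role" --assume-role-policy-document "file://$policy" --profile="$2" || exit 1
done
aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --profile="$2" || exit 1
aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --profile="$2" || exit 1
```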
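Review bot: The added `Federated` line replaces the documentation placeholder account `123456789012` with a concrete 12-digit id and pins the provider name to `SATOSA`, while the accompanying script takes the provider name as `$1` and the target profile as `$2`; this trust policy therefore only matches what the script creates when it is run with `SATOSA` against that single account. Whether `135656781587` is a real account cannot be told from the hunk, but committing a live account id into a tracked policy file is worth avoiding: keep a placeholder here and substitute the account and provider name at deploy time, and say so in the README, since JSON offers no room for an inline comment. The `Condition` block opens on the last context line and its contents lie outside this hunk, so the restriction it places on `sts:AssumeRoleWithSAML` is not reviewable here.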