diff --git a/main.tf b/main.tf
index 8c4fd04..4dcad7e 100644
--- a/main.tf
+++ b/main.tf
@@ -95,10 +95,15 @@ resource "aws_elasticsearch_domain" "opensearch" {
 resource "aws_elasticsearch_domain_saml_options" "opensearch_saml_options" {
 domain_name = var.cluster_name
 saml_options {
- enabled = var.saml_options_enabled
+ enabled = var.saml_options_enabled
+ master_backend_role = var.saml_options_master_backend_role
+ master_user_name = var.saml_options_master_user_name
+ roles_key = var.saml_options_roles_key
+ session_timeout_minutes = var.saml_options_session_timeout_minutes
+ subject_key = var.saml_options_subject_key
 idp {
- entity_id = var.entity_id
- metadata_content = var.metadata_content
+ entity_id = var.saml_options_idp_entity_id
+ metadata_content = var.saml_options_idp_metadata_content
 }
 }
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index dceb7c9..462a4a9 100644
--- a/variables.tf
+++ b/variables.tf
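Review bot: The two new assignments `master_backend_role` and `master_user_name` each grant the matching SAML principal full cluster permissions (the accompanying variables.tf hunk describes both as "equivalent to a new master user"), but nothing in main.tf records that, so a reader of the resource cannot tell these are privileged-access settings rather than ordinary attribute mappings. Add a comment above the pair such as `# master_backend_role / master_user_name: any value here receives full cluster (master-user) rights via the SAML IdP; leave null unless that grant is intended.` Separately, replacing `var.entity_id` and `var.metadata_content` with the `saml_options_idp_*` names is a breaking change for existing callers of this module that the commit does not call out; it belongs in the module's changelog or README. The `idp` block is still declared unconditionally while both of its inputs default to null, so presumably an apply with `saml_options_enabled = true` and no IdP values is rejected by the provider rather than by this module — a `validation` block on those variables would surface that at plan time.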
@@ -217,14 +217,38 @@ variable "saml_options_enabled" {
 type = bool
 default = false
 }
-
-variable "entity_id" {
+variable "saml_options_master_backend_role" {
+ description = "(Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
+ type = string
+ default = null
+}
+variable "saml_options_master_user_name" {
+ description = "(Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user."
+ type = string
+ default = null
+}
+variable "saml_options_roles_key" {
+ description = "(Optional) Element of the SAML assertion to use for backend roles. Default is roles. e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
+ type = string
+ default = null
+}
+variable "saml_options_subject_key" {
+ description = "(Optional) Custom SAML attribute to use for user names. Default is an empty string. This will cause Elasticsearch to use the NameID element of the Subject, which is the default location for name identifiers in the SAML specification."
+ type = string
+ default = null
+}
+variable "saml_options_session_timeout_minutes" {
+ description = "(Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440."
+ type = number
+ default = null
+}
+variable "saml_options_idp_entity_id" {
 description = "URL of the entity id"
 type = string
 default = null
 }
-variable "metadata_content" {
+variable "saml_options_idp_metadata_content" {
 type = string
 description = "Contents of the saml-metadata.xml file"
 default = null