Tags: amazon-web-services, amazon-iam, aws-sso, aws-iam-identity-center

How to create AWS Console Deeplinks behind IAM Identity Center login?


When managing access to multiple accounts via IAM Identity Center, the AWS Access Portal provides clickable links for each of the available Roles/PermissionSets in those accounts. However, the console always loads to the main page. Is there a way to construct a "deeplink" URL, such that a(n authorized) user who clicks it will:

I'm aware that it's possible to Set Relay State for a given PermissionSet, but this is insufficient as I might want a given user to be redirected to different locations from different links - that is, I want the destination to be encoded in the clicked URL, not in the PermissionSet's metadata. Creating a different PermissionSet for every possible destination is not practical.

This blog seems to describe exactly what I'm trying to achieve, but it doesn't work for me - following the instructions, I:

However, the resulting URL just signs me in and puts me on the main page, without any redirection.

Sadly, all the links from that article appear to be broken. I also found this page, and tried using it to generate a deeplink - again, no luck, I just got signed in to the main page.

I do note that my sign-in url does not look like the examples - they look like https://<domain>/adfs/ls/idpinitiatedsignon.aspx, whereas mine looks like https://<internal-string>.awsapps.com/start/#/saml/custom/AAA/BBB, where:

Does this mean that my ADFS is differently configured than this feature expects? Is there still a way to achieve what I want?

EDIT: I've been informed by my Network Admin that we use Azure AD internally, not ADFS, which might be the reason for the different URL format.


Solution

  • Yes, you can now do it by creating a "shortcut link for specific console access": https://docs.aws.amazon.com/singlesignon/latest/userguide/createshortcutlink.html
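As an added illustration (not part of the question or the answer), the following builds and audits such a shortcut link. It assumes the parameter layout from the linked AWS doc, `#/console?account_id=...&role_name=...&destination=...`, which you should verify against that page, and uses a constructed placeholder access portal URL; the destination is URL-encoded and restricted to the AWS console host so a shared link cannot be repurposed to send users elsewhere.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

# Assumed shortcut-link layout (check against the AWS doc linked in the answer):
#   <access portal URL>/#/console?account_id=<12 digits>&role_name=<permission set>
#                                 &destination=<URL-encoded console URL>
# Constructed placeholder portal URL, not a real IAM Identity Center instance.
PORTAL_URL = "https://d-EXAMPLE.awsapps.com/start"


def is_console_url(url: str) -> bool:
    """Accept only https URLs on console.aws.amazon.com or a regional subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        return False
    host = parts.hostname or ""
    return host == "console.aws.amazon.com" or host.endswith(".console.aws.amazon.com")


def build_shortcut_link(account_id: str, role_name: str, destination: str,
                        portal_url: str = PORTAL_URL) -> str:
    """Compose the deeplink; urlencode percent-encodes the nested destination URL
    so its own '?', '&' and '=' cannot break the shortcut's parameters."""
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    if not is_console_url(destination):
        raise ValueError("destination must be an https console.aws.amazon.com URL")
    query = urlencode({"account_id": account_id,
                       "role_name": role_name,
                       "destination": destination})
    return f"{portal_url.rstrip('/')}/#/console?{query}"


def parse_shortcut_link(link: str) -> dict:
    """Recover the parameters from the fragment so a link can be reviewed before sharing.
    The whole query lives after '#', so it is in .fragment rather than .query."""
    fragment = urlsplit(link).fragment          # "/console?account_id=...&..."
    _, _, query = fragment.partition("?")
    params = parse_qs(query, strict_parsing=True)
    return {key: values[0] for key, values in params.items()}


if __name__ == "__main__":
    link = build_shortcut_link(
        "123456789012", "ReadOnlyAccess",
        "https://us-east-1.console.aws.amazon.com/s3/buckets?region=us-east-1")
    print(link)
    print(parse_shortcut_link(link))
```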