I'm in the process of migrating from AWS IAM user / AssumeRole authentication to using the AWS Single Sign-On service. Cyberduck has worked great with the user/role auth, and I have a couple feature requests that I think would allow it to work with AWS SSO.
For an Amazon S3 connection, add a field to enter an AWS Session Token directly, along with the access key id and secret access key.
AWS SSO presents a nice copy/paste window for session credentials, and it would be easy for a user to copy/paste the values from "Option 3" (below) into Cyberduck when connecting. This is a screenshot of the AWS SSO login page that presents temporary credentials and how to use them.
I'm supporting Cyberduck users that have limited text editor / terminal experience, so a workflow that relies on them making changes to ~/.aws/credentials to update their access keys / session token is cumbersome.