In any organization, users across most departments access critical applications every day, so it’s essential that the user authentication and sign-in processes are secure, efficient, and user-friendly. To further streamline the identity and access management (IAM) processes for organizations using both ̽»¨´óÉñ and AWS, ̽»¨´óÉñ is now officially a supported Amazon Web Services (AWS) Single Sign-On (SSO) partner.
What this means:
- Organizations can connect their ̽»¨´óÉñ Directory Platform to AWS SSO one time to create a simplified sign-in and authentication experience for end users
- IT can manage access to AWS centrally in AWS SSO
- End users can sign-in using ̽»¨´óÉñ to access all of their assigned AWS accounts and resources
AWS is selective with the identity providers (IdPs) they choose to partner with, and now ̽»¨´óÉñ is one of six official options. To use the ̽»¨´óÉñ and AWS SSO integration, you don’t need to be enterprise-size — small and medium-sized enterprises can also reap significant benefits from this partnership.
Benefits of the ̽»¨´óÉñ and AWS SSO Integration
The primary benefits of the ̽»¨´óÉñ and AWS SSO official integration are:
- Improved security and identity control across platforms
- Significant time savings for admins
- Increased visibility of AWS account access levels for all ̽»¨´óÉñ users
- Ability to establish a single, familiar sign-in processes for users, and streamline access management processes for administrators
- Simplified process to grant or revoke AWS access within ̽»¨´óÉñ
To deliver these benefits, this partnership grants ̽»¨´óÉñ organizations:
- Simplified AWS access management across multiple accounts
- A centralized place to control identities and access
- A streamlined sign-in experience for end users
- Standards-based automation for provisioning users and groups into AWS SSO
- Allowance for additional measures of security such as multi-factor authentication (MFA) and to be layered on top of SSO
- Simplified access management through the use of ̽»¨´óÉñ groups — admins can manage access by adding or removing a user from the relevant group
How Does the ̽»¨´óÉñ and AWS SSO Integration Work?
̽»¨´óÉñ’s use of the System for Cross-domain Identity Management (SCIM) protocol automates the process of provisioning users and groups into AWS SSO. Further, the Security Assertion Markup Language (SAML) protocol is used to authenticate ̽»¨´óÉñ users and provide seamless access to their AWS accounts.
The by going into your ̽»¨´óÉñ instance and using your AWS SSO SCIM endpoint and access token. When you set up the SCIM sync, you create a mapping of your user attributes in ̽»¨´óÉñ to the corresponding attributes in AWS SSO, which creates the expected attribute matches between each platform.
With the way this integration works, users can use their ̽»¨´óÉñ credentials to efficiently and securely sign-in to the:
- AWS Management Console
- AWS Command Line Interface (CLI)
- AWS Console Mobile Application
- AWS integrated services, including AWS IoT SiteWise Monitor and Amazon SageMaker Notebooks
Integrate Your ̽»¨´óÉñ Instance With AWS SSO
Give your users single-click access to all of their assigned accounts from the AWS SSO user portal without sacrificing the convenience of the sign-in experience they’re used to with ̽»¨´óÉñ.
Create your AWS SSO application in your ̽»¨´óÉñ account
