AWS and ̽»¨´óÉñ have partnered to offer a VPN alternative for securely accessing company applications over the web using ̽»¨´óÉñ Go™, ̽»¨´óÉñ SSO (SAML or OIDC) and . With this collaboration, ̽»¨´óÉñ can authenticate and authorize devices and identities in one console and provide access control for AWS Verified Access for managed devices. See our blog for more information about our partnership.
Prerequisites
- ̽»¨´óÉñ Admin account
- Your ̽»¨´óÉñ Org ID
- ̽»¨´óÉñ SSO Package or higher or SSO add-on feature.
- ̽»¨´óÉñ-managed users on ̽»¨´óÉñ-managed devices
- AWS Admin account (AWS root user)
- AWS organization
There are three steps:
Installing ̽»¨´óÉñ Go
Customers already using ̽»¨´óÉñ Go will have access to AVA with no additional ̽»¨´óÉñ configuration.
The ̽»¨´óÉñ Go Chrome extension provides secure passwordless authentication to ̽»¨´óÉñ-protected web resources on managed devices (Mac or Windows). The extension can be installed via ̽»¨´óÉñ Policy, Google's (CBCM), or manual installation.
See Get Started: ̽»¨´óÉñ Go and Use ̽»¨´óÉñ Go.
Configuring an AWS SSO Connector
If an AWS IAM Identity Center SSO connector already exists, you can optionally create a second OIDC connector, or go to the next section, Setting up AVA.
To configure AWS IAM Identity Center SSO
See Integrate with AWS IAM Identity Center.
To configure Custom AWS OIDC
See SSO with OIDC.
For additional information about the AWS OIDC configuration, please view the following AWS documentation:
Setting up AVA
AVA provides secure access to company applications over the internet without using a VPN. Once you have set up ̽»¨´óÉñ Go and the AWS SSO Connector, the final step is configuring Verified Access inside AWS. To proceed, please view the following AWS documentation:
Enter your ̽»¨´óÉñ Org ID as the Tenant ID in AVA.