Enable SSO with Azure AD to Integrate AWS login

It is likely that customers, partners or vendors of your company will need to access your environment in today's business scenario. They may need to work across organizational boundaries with equipment and resources. However, without a trust system, it is not always easy to provide secure access to them.

Companies can use federation services with custom access token system to enable users / applications to connect without worrying about safety threats to overcome this challenge. In order to setup this mechanism companies require ADFS (Active Directory Federation Services) or any third-party federation applications to achieve this feature. ADFS provides a means for managing online identities and providing single sign-on capabilities. This is becoming important because of the transition being made from running applications on-premises to running applications in the cloud.

This blog further explore how to enable SSO with Azure AD to Integrate AWS login.

 

List of requirements to setup ADFS federation in the traditional environment are listed below.

  1. ADFS server with High availability solution (Active & Passive)
  2. WAP or ADFS Proxy server for external expose.
  3. Public CA – Certificate
  4. Domain controller server
  5. Exchange Claim token metadata information from Relay party.

Some of the challenges with traditional federation setup are

  1. High availability & Server Maintenance – Administration.
  2. Billing cost for hardware, license and certificate management.

Solution

A solution for the above scenario is to use Azure AD with Enterprise application SSO (IDP) supported application with centralized user management setup. In this blog we have discussed about, how to integrate AWS application with Azure AD to achieve with minimal effort along with security control as per reference schematic diagram given below.

Prerequisites

  1. An Azure AD subscription.
  2. Amazon Web Services (AWS) single sign-on (SSO) enabled subscription.
  3. Azure User Administrator and Cloud Application Administrator delegation access.

Scenario

  1. Enable AWS console login by using Azure AD SSO.
  2. Enable AWS account with multiple Role permissions.
  3. Administration and user management in one central location.

Step by Step Process

  1. Add Amazon Web Services (AWS) from the gallery
  2. Configure Azure AD SSO
  3. Configure Amazon Web Services (AWS)
  4. Create an Azure AD user
  5. Assign the Azure AD test user
  6. Verify the SSO connection.

Reference Link: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/amazon-web-service-tutorial

Benefits

 

Some of the benefits achieved by this solution approach are :

  1. Control in Azure AD who has access to Amazon Web Services (AWS).
  2. Enable users to be automatically signed-in to Amazon Web Services (AWS) with their Azure AD accounts.
  3. Manage user accounts in one central location – the Azure portal.

 

 

Get in touch with our consultants today, and we’ll help craft the right approach for you.

Updated on June 5, 2020

Tags:

In Blog
by
Prev Post
Next Post
Subscribe to our Newsletter1CloudHub