Update from January 17, 2018: The techniques demonstrated in this blog post relate to traditional SAML federation for AWS. These techniques are still valid and useful. However, AWS Single Sign-On (AWS SSO) provides analogous capabilities by way of a managed service. If you are just getting started with federating access to your AWS accounts, we recommend that you evaluate AWS SSO for this purpose.

At this year's re:Invent I had the opportunity to present on the topic of delegating access to your AWS environment. One use case I demonstrated was enterprise federation to AWS using Windows Active Directory (AD), Active Directory Federation Services (ADFS) 2.0, and SAML (Security Assertion Markup Language) 2.0. The presentation must have struck a nerve, because a number of folks approached me afterwards and asked me if I could publish my configuration, hence the inspiration for this post. In this post I describe the use case for enterprise federation, describe how the integration between ADFS and AWS works, and then provide the setup details that I used for my re:Invent demo. If you missed my session and you're interested in hearing my talk, you can catch the recording or view my slides.

Background

AWS recently added support for SAML, an open standard used by many identity providers. This new feature enables federated single sign-on (SSO), which lets users sign into the AWS Management Console or make programmatic calls to AWS APIs by using assertions from a SAML-compliant identity provider (IdP) like ADFS.