Posted On: Mar 17, 2021

The new AWS Single Sign-On (SSO) app, found in the Azure Active Directory app gallery, makes it easier to use your Azure AD identities for sign-in across multiple AWS accounts and AWS SSO integrated applications. Customers who want a centralized way to manage Azure AD users and groups across AWS can use the app to connect Azure AD to AWS SSO once. Customers can then manage permissions to AWS centrally in AWS SSO, and enable users to sign in using Azure AD to access assigned AWS accounts and applications, such as Amazon SageMaker Studio Notebooks.

The new AWS Single Sign-On app simplifies Security Assertion Markup Language (SAML) 2.0 federation set-up for authentication, and System for Cross-domain Identity Management (SCIM) set-up for automated Azure AD user and group synchronization into AWS SSO. Once connected, AWS SSO makes it easy for AWS administrators to manage access centrally to multiple AWS accounts and business applications. AWS SSO redirects users to Azure AD for sign-in, then returns users to the AWS SSO user portal for a central view of all their assigned AWS accounts, roles, and AWS SSO integrated applications. Customers can also use attribute-based access control (ABAC) by configuring AWS SSO to synchronize attributes from Azure AD, or by configuring Azure AD to pass attributes through SAML assertions.

The Azure AD gallery app for AWS Single Sign-On is for customers who have not yet connected their Azure AD tenant to AWS SSO and want a streamlined method to get set up fast. The app is available in the Azure AD app gallery free of charge. Learn more here about using the app. To learn more about AWS SSO, visit AWS Single Sign-On. To get started, see the AWS SSO Getting Started Guide.