Posted On: Nov 23, 2021

You can now enable one-click single sign-on to your Amazon Elastic Compute Cloud instances running Microsoft Windows (Amazon EC2 Windows Instances) with AWS Single Sign-On (AWS SSO). You can connect your instances with users from AWS SSO or any AWS SSO supported identity provider, such as Okta, Ping, and OneLogin. This makes it easy for you to access your instance desktops from anywhere without having to enter your credentials multiple times or having to configure remote access client software. Now, you can use your existing corporate usernames, passwords, and multi-factor authentication devices to securely access your Amazon EC2 Windows Instances, eliminating the use of shared administrator credentials. In addition, you have visibility into individual user actions which can be viewed in the Amazon EC2 Windows event log, making it easier to meet audit and compliance requirements.

With AWS SSO, you can centrally grant and revoke access to your Amazon EC2 Windows Instances at scale across multiple AWS accounts. For example, if you remove an employee from your AWS SSO integrated identity system, their access to all AWS resources (including Amazon EC2 Windows Instances) is automatically revoked.

You can enable the one-click single sign-on experience in the AWS Systems Manager Fleet Manager console with a few simple configuration steps. This new feature is available in all AWS Regions where AWS SSO and AWS Systems Manager are offered (excluding AWS China Regions and AWS GovCloud [US]).

To learn more please see our blog post.