Amazon Verified Permissions improves support for OIDC identity providers

Posted on: Aug 5, 2024

Amazon Verified Permissions has simplified implementing fine-grained authorization for developers using third-party identity providers such as Okta, CyberArk and Transmit Security. Developers can now authorize user actions based on attributes and group memberships managed within their own OpenID Connect (OIDC)-compliant identity provider. For example, in an insurance claims processing application, you can specify that only users in the “manager” group who have completed the “high value claim training” are allowed to approve claims for more than $10,000.

Verified Permissions provides fine-grained authorization for the applications that you build, allowing you to implement permissions as Cedar policies rather than application code. This feature simplifies implementing fine-grained authorization by enabling you to pass OIDC tokens in authorization requests. When authorizing a request, Amazon Verified Permissions validates the OIDC token and evaluates Cedar policies using the user attributes and groups extracted from the token.
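The insurance claims rule from the example above, written as Cedar policies. This is an added example, not code from the announcement or from AWS, and it assumes a policy store namespace `ClaimsApp`, an identity source that maps the token's group claim to the entity type `ClaimsApp::UserGroup`, a token claim `completed_training` mapped to a principal attribute holding a set of strings, and a `ClaimsApp::Claim` resource whose numeric `amount` attribute the application supplies in the request's entity list.

```cedar
// Added example (not from the announcement). Assumed: namespace ClaimsApp,
// group claim mapped to ClaimsApp::UserGroup, token claim completed_training
// mapped to a Set<String> principal attribute, Claim.amount supplied by the app.

// Any user in the "manager" group may approve claims of $10,000 or less.
permit (
    principal in ClaimsApp::UserGroup::"manager",
    action == ClaimsApp::Action::"approveClaim",
    resource is ClaimsApp::Claim
)
when { resource.amount <= 10000 };

// Claims over $10,000 additionally require the training attribute from the token.
// The `has` check guards against a token that lacks the claim: without it,
// attribute access would raise an evaluation error instead of simply not matching.
permit (
    principal in ClaimsApp::UserGroup::"manager",
    action == ClaimsApp::Action::"approveClaim",
    resource is ClaimsApp::Claim
)
when {
    resource.amount > 10000 &&
    principal has completed_training &&
    principal.completed_training.contains("high value claim training")
};
```

Because Cedar denies by default, a manager without the training attribute gets no matching permit for a $15,000 claim and the request is denied; the token's group and attribute claims are what Verified Permissions uses to populate `principal` at evaluation time.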

You can get started using the feature by visiting Amazon Verified Permissions in the AWS console and creating a new policy store. We have partnered with leading identity providers, CyberArk, Okta, and Transmit Security, to test this feature and ensure a smooth experience. This feature is available in all regions where Amazon Verified Permissions is available. For more information, visit the Verified Permissions product page.