Desktop and Application Streaming

Category: Security, Identity, & Compliance

Creating an AS2TrustedDomains DNS TXT record to redirect the AppStream 2.0 native client to a third-party identity provider

The AS2TrustedDomains DNS TXT record can only enable the same domain (or subdomains) in which the DNS TXT record is created. In a scenario where you do not own the domain where your IdP resolves, an alternative architecture is required. In this blog, I outline the process to create an AS2TrustedDomains DNS TXT record for […]

Streaming from VPC endpoints with AppStream 2.0

Streaming from interface VPC endpoints for Regulated environments with AppStream 2.0

Customers with strict compliance requirements such as financial industries, healthcare, and government sectors use End User Compute (EUC) solutions to regulate access and centralize tooling. For these organizations, users are often required to connect to a Virtual Private Network (VPN) to access the private corporate network. In this blog, I explain how users with such […]

How to configure certificate-based authentication for Amazon AppStream 2.0

In this blog, I discuss the benefits of using certificate-based authentication (CBA) for Amazon AppStream 2.0. I give an overview of the short-lived certificate mode offered by AWS Private Certificate Authority and why it is important to this use mode. Also, I walk you through the steps to configure CBA for Amazon AppStream 2.0. Amazon […]

How to configure certificate-based authentication for Amazon WorkSpaces

In this blog, we discuss the benefits of using certificate-based authentication (CBA) for Amazon WorkSpaces. We give an overview of the short-lived CA mode offered by AWS Private Certificate Authority and why it is important to this use case. Also, we walk you through the steps to configure CBA for Amazon WorkSpaces. Amazon WorkSpaces certificate-based […]

Using Auth0 with Microsoft Active Directory on Amazon AppStream 2.0

Enterprises are seeking methods to offer more secure authentication and a better user experience. Furthermore, they’re required to have centralized user Authentication and Authorization without the need to replicate user credentials and authorization in another Identity provider (IDP). In a previous blog, we showed how to provide users with Single Sign-On (SSO) access to Amazon AppStream […]

Using Amazon AppStream 2.0 application entitlements with Google Workspace

This blog post shows you how to use application entitlements with Google Workspace authentication for your AppStream 2.0 stacks. Customers use Amazon AppStream 2.0 to manage applications centrally, and stream them to their end users. With application entitlements, you can control access to specific applications in the AppStream 2.0 application catalog based on SAML assertions. Using […]

Enabling identity federation with Duo Single Sign-On and Amazon AppStream 2.0

Amazon AppStream 2.0 supports identity federation to AppStream 2.0 stacks through Security Assertion Markup Language 2.0 (SAML 2.0). This blog provides guidance on how to configure Duo Single Sign-On as an identity provider for AppStream 2.0. If you don’t have an identity provider, you can use AWS Single Sign-On. Review the AppStream 2.0 administration guide […]

Using multi-Region AWS Managed Active Directory with Amazon WorkSpaces

AWS Directory Service for Microsoft Active Directory is a fully managed Microsoft Active Directory that is often paired with Amazon WorkSpaces. Customers choose AWS Managed Microsoft AD because of its built-in high availability, monitoring, and backups. AWS Managed Microsoft AD Enterprise edition adds the ability to configure multi-Region Replication. This feature automatically configures inter-Region networking […]

How to use Okta claims with application entitlements for Amazon AppStream 2.0

This blog post shows you how to use Okta claims to configure application entitlements for your Amazon AppStream 2.0 stacks. Customers use Amazon AppStream 2.0 to manage applications centrally, and stream them to their end users. With application entitlements, you control access to specific applications in the AppStream 2.0 application catalog with SAML assertions. In addition, […]

Use Amazon AppStream 2.0 application entitlements with Azure AD

This blog post shows you how to use application entitlements with Azure Active Directory (Azure AD) for your AppStream 2.0 stacks. Customers use Amazon AppStream 2.0 to manage applications centrally, and stream them to their end users. With application entitlements, you can control access to specific applications in the AppStream 2.0 application catalog based on […]