AWS Public Sector Blog

Tag: AWS SSO

Enabling SAML AWS SSO GovCloud

Enabling SAML 2.0 federation with AWS SSO and AWS GovCloud (US)

AWS SSO helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using AWS SSO as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. AWS SSO does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. AWS SSO is also not currently available in AWS GovCloud (US). As a result, AWS SSO cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in AWS SSO.

Read More

Using AWS SSO with Microsoft Azure AD to federate to AWS GovCloud (US)

Many government customers use AWS GovCloud (US) because it provides an environment for sensitive data and regulated workloads by addressing a number of U.S. government security and compliance requirements. In many cases, customers have a number of AWS GovCloud (US) accounts and managing authentication and authorization can require a lot of work. These customers may also use Microsoft Azure Active Directory (Azure AD) for identity management, single sign-on (SSO), and multi-factor authentication (MFA). This post builds on features and functionality announced earlier by demonstrating the necessary steps to configure Azure AD, AWS SSO, and the AWS GovCloud (US)-specific identity provider centrally for ease of management.

Read More