AWS Security Blog

Tag: AD FS

How to Enable Your Users to Access Office 365 with AWS Managed Microsoft AD

January 18, 2023: We fixed a capitalization issue in a url that was preventing ADFS from authenticating properly in most browers. December 12, 2019: A customer reported that the architecture diagrams had a typo in it, and so we replaced the two diagrams to address the problem. You can now enable your users to access […]

How to Establish Federated Access to Your AWS Resources by Using Active Directory User Attributes

To govern federated access to your AWS resources, it’s a common practice to use Microsoft Active Directory (AD) groups. When using AD groups, establishing federation requires the number of AD groups to be equal to the number of your AWS accounts multiplied by the number of roles in each of your AWS accounts. As you […]

How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page

Identity federation enables your enterprise users (such as Active Directory users) to access the AWS Management Console via single sign-on (SSO) by using their existing credentials. In Security Assertion Markup Language (SAML) 2.0, RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO. When using […]

How to Set Up Uninterrupted, Federated User Access to AWS Using AD FS

Microsoft Active Directory Federation Services (AD FS) is a common identity provider that many AWS customers use to give federated users access to the AWS Management Console. AD FS uses multiple certificates to ensure secure communication between servers and to act as authentication mechanisms. One such mechanism is called the token-signing certificate. When the token-signing certificate expires, […]

How to Set Up SSO to the AWS Management Console for Multiple Accounts by Using AD FS and SAML 2.0

AWS supports Security Assertion Markup Language (SAML) 2.0, an open standard for identity federation used by many identity providers (IdPs). SAML enables federated single sign-on (SSO), which enables your users to sign in to the AWS Management Console or to make programmatic calls to AWS APIs by using assertions from a SAML-compliant IdP. Many of […]

How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS

Feb 21 2023: This post is out of date. AWS now recommends using IAM Identity Center for federated identities accessing AWS by the CLI. Please see this post for more info: AWS CLI v2 Preview Now Supports AWS Single Sign-On Important note from July 18, 2019: The original version of this blog uses Python2.x scripts. […]