Tag: Identity providers

Managing access to accounts and applications requires a balance between delivering simple, convenient access and managing the risks associated with active user sessions. Based on your organization’s needs, you might want to make it simple for end users to sign in and to operate long enough to get their work done, without the disruptions associated […]

February 6, 2023: Updates added to explain an additional detail regarding the sourceIdentity field. In addition to using the sourceIdentity field to reference the user through various roles they have assumed, you may also construct your IAM trust policies to enforce acceptable sourceIdentity values or ensure any value for sourceIdentity is set. When you use […]

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. IAM Identity CenterThis blog post discusses the benefits of using an attribute-based access control (ABAC) strategy and also describes how to use ABAC with […]

June 19, 2020: The Prerequisites section of this post has been updated to include the prerequisite to enable Sts:tagSession to the role trust policy. AWS Identity and Access Management (IAM) allows customers to provide granular access control to resources in AWS. One approach to granting access to resources is to use attribute-based access control (ABAC) […]

March 10, 2020: This blog post is out of date. Please refer to this post for updated info: How to set up federated single sign-on to AWS using Google Workspace The AWS Security Blog has covered a variety of solutions for federating single sign-on (SSO) to the AWS Management Console. For example, How to Connect […]