AWS Security Blog

Tag: SAML

Introducing AWS Single Sign-On

Today, AWS introduced AWS Single Sign-On (AWS SSO), a service that makes it easy for you to centrally manage SSO access to multiple AWS accounts and business applications. AWS SSO provides a user portal so that your users can find and access all of their assigned accounts and applications from one place, using their existing […]

Read More

SAML Identity Federation: Follow-Up Questions, Materials, Guides, and Templates from an AWS re:Invent 2016 Workshop (SEC306)

As part of the re:Source Mini Con for Security Services at AWS re:Invent 2016, we conducted a workshop focused on Security Assertion Markup Language (SAML) identity federation: Choose Your Own SAML Adventure: A Self-Directed Journey to AWS Identity Federation Mastery. As part of this workshop, attendees were able to submit their own federation-focused questions to […]

Read More

How to Use SAML to Automatically Direct Federated Users to a Specific AWS Management Console Page

Identity federation enables your enterprise users (such as Active Directory users) to access the AWS Management Console via single sign-on (SSO) by using their existing credentials. In Security Assertion Markup Language (SAML) 2.0, RelayState is an optional parameter that identifies a specified destination URL your users will access after signing in with SSO. When using […]

Read More

How to Set Up Uninterrupted, Federated User Access to AWS Using AD FS

Microsoft Active Directory Federation Services (AD FS) is a common identity provider that many AWS customers use to give federated users access to the AWS Management Console. AD FS uses multiple certificates to ensure secure communication between servers and to act as authentication mechanisms. One such mechanism is called the token-signing certificate. When the token-signing certificate expires, […]

Read More

How to Set Up SSO to the AWS Management Console for Multiple Accounts by Using AD FS and SAML 2.0

AWS supports Security Assertion Markup Language (SAML) 2.0, an open standard for identity federation used by many identity providers (IdPs). SAML enables federated single sign-on (SSO), which enables your users to sign in to the AWS Management Console or to make programmatic calls to AWS APIs by using assertions from a SAML-compliant IdP. Many of […]

Read More

AWS IAM Sessions at re:Invent 2015

As I said last week, the breakout sessions for the Security & Compliance track have been announced and are shown in the re:Invent 2015 session catalog. If you are going to re:Invent 2015, you can add these sessions to your schedule now. Today, I will highlight the AWS Identity and Access Management (IAM) sessions that […]

Read More

How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0

Note: Active Directory Federation Services (AD FS) 3.0 uses form-based authentication by default. If you are using AD FS 3.0 in this configuration, use the solution presented in this post. In my earlier post, How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS, I walked through how to implement federated API […]

Read More

In Case You Missed These: Recent AWS Security Blog Posts

Just in case you missed any of the AWS Security Blog posts from the last month or so, we have summarized and linked to them in this blog post. The linked posts are shown in reverse chronological order (most recent first), and the subject matter ranges from privacy and data security at Amazon to AWS […]

Read More

How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS

Note 1: On August 12, 2015, I published a follow-up to this post, which is called How to Implement a General Solution for Federated API/CLI Access Using SAML 2.0. Be sure to see that post if you want to implement a general federation solution (not specific to AD FS). Note 2: This post focuses on NTLM authentication, […]

Read More

New Whitepaper—Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth

The newly released whitepaper, Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth, will help you integrate your existing LDAP-based user directory with AWS. When you integrate your existing directory with AWS, your users can access AWS by using their existing credentials. This means that your users don’t need to maintain yet another user name and password […]

Read More