Tag: SSO

March 16, 2022: The title and the opening section of this blog post has been updated. Federating your external identity provider (IdP) to AWS is a best practice. The simplest way to federate into AWS is with AWS Single Sign-On (AWS SSO). With AWS SSO, you configure federation once and manage access to all of your AWS accounts […]

Background AWS Control Tower offers a straightforward way to set up and govern an Amazon Web Services (AWS) multi-account environment, following prescriptive best practices. AWS Control Tower orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS Single Sign-On (AWS SSO), to build a landing zone very quickly. AWS […]

December 2, 2019: Since the author wrote this post, AWS Single Sign On (AWS SSO) has launched native features that simplify using Azure Active Directory as an identity provider. Therefore, AWS SSO is now the recommended solution for enabling SAML federation using Azure AD. See this blog post for details. You can use federation to […]

Today, AWS introduced AWS Single Sign-On (AWS SSO), a service that makes it easy for you to centrally manage SSO access to multiple AWS accounts and business applications. AWS SSO provides a user portal so that your users can find and access all of their assigned accounts and applications from one place, using their existing […]

AWS Identity and Access Management (IAM) supports identity federation, which enables external identities, such as users in your corporate directory, to sign in to the AWS Management Console via single sign-on (SSO). Now with a small configuration change, your AWS administrators can allow your federated users to work in the AWS Management Console for up […]

March 10, 2020: This blog post is out of date. Please refer to this post for updated info: How to set up federated single sign-on to AWS using Google Workspace The AWS Security Blog has covered a variety of solutions for federating single sign-on (SSO) to the AWS Management Console. For example, How to Connect […]

AWS Directory Service now offers an additional directory type. Now you can launch and run a Microsoft Active Directory (AD) as a managed service in the AWS cloud. AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also referred to as Microsoft AD, is powered by Windows Server 2012 R2. When you select and launch […]

AD Connector is designed to give you an easy way to establish a trusted relationship between your Active Directory and AWS. When AD Connector is configured, the trust allows you to: Sign in to AWS applications such as Amazon WorkSpaces, Amazon WorkDocs, and Amazon WorkMail by using your Active Directory credentials. Seamlessly join Windows instances […]

October 15, 2021:We updated a link in this blog post. The newly released whitepaper, Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth, will help you integrate your existing LDAP-based user directory with AWS. When you integrate your existing directory with AWS, your users can access AWS by using their existing credentials. This means that your users […]

At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]