Manage access to AWS centrally for OneLogin users with AWS Single Sign-On

Posted on: Jul 31, 2020

Customers can now connect their OneLogin Identity Management Platform (OneLogin) to AWS Single Sign-On (SSO) once, manage access to AWS centrally in AWS SSO, and enable end users to sign in using OneLogin to access all their assigned AWS accounts. The integration helps customers simplify AWS access management across multiple accounts while maintaining familiar OneLogin experiences for administrators who manage identities, and for end users as they sign in. AWS SSO and OneLogin use standards-based automation to provision users and groups into AWS SSO, saving administration time and increasing security.  

The interoperability of AWS SSO and OneLogin enables administrators to centrally assign users and groups access to their AWS Organizations accounts and AWS SSO integrated applications. This makes it easier for an AWS administrator to manage access to AWS and ensure OneLogin users have the right access to the right AWS accounts. Ongoing management is also simplified. For example, when using group assignments, OneLogin administrators can grant or remove AWS account access simply by adding users to or removing them from a OneLogin group.

AWS SSO and OneLogin use the System for Cross-domain Identity Management (SCIM) standard to automate the process of provisioning users and groups into AWS SSO. AWS SSO also authenticates OneLogin users to their assigned AWS accounts through the Security Assertion Markup Language (SAML 2.0) standard. To configure the SCIM and SAML connections, administrators can use the AWS SSO Connector available in the OneLogin Application Catalog.

Your end users get their familiar OneLogin sign-in experience, including MFA, and central access to all of their assigned AWS accounts, including those created with AWS Control Tower account factory. In addition, your users can use their OneLogin credentials to sign in to the AWS Management Console, AWS Command Line Interface (CLI), AWS Console Mobile Application, and AWS integrated services, including AWS IoT SiteWise Monitor and Amazon SageMaker Notebooks.

It is easy to get started with AWS SSO. With just a few clicks in the AWS SSO management console, you can choose AWS SSO, Active Directory, or an external identity provider, now including OneLogin, as your identity source. Your users sign in with the convenience of their familiar sign-in experience and get single-click access to all their assigned accounts from the AWS SSO user portal. To learn more, please visit AWS Single Sign-On. To connect OneLogin to AWS SSO as an external identity provider, please see the AWS SSO documentation.  

There is no cost for AWS SSO, and it is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Asia Pacific (Singapore), Asia Pacific (Sydney), EU (Ireland), EU (Frankfurt), EU (London), and EU (Stockholm) Regions.