AWS Single Sign-On

Centrally manage access to multiple AWS accounts or applications.

AWS Single Sign-On (AWS SSO) is where you create, or connect, your workforce identities in AWS once and manage access centrally across your AWS organization. You can choose to manage access just to your AWS accounts or cloud applications. You can create user identities directly in AWS SSO, or you can bring them from your Microsoft Active Directory or a standards-based identity provider, such as Okta Universal Directory or Azure AD. With AWS SSO, you get a unified administration experience to define, customize, and assign fine-grained access. Your workforce users get a user portal to access all of their assigned AWS accounts, Amazon EC2 Windows instances, or cloud applications. AWS SSO can be flexibly configured to run alongside or replace AWS account access management via AWS IAM.

It’s easy to get started with AWS SSO. With just a few clicks in the management console, you can connect AWS SSO to your existing identity source and configure permissions that grant users access to their assigned AWS accounts, cloud applications, and other SAML-based applications that you add to AWS SSO.

Benefits

Central place to create or connect your identities

You have the option to create your users' identities and groups in AWS SSO. Or, you can connect to your existing users and groups from Microsoft Active Directory Domain Services, Okta Universal Directory, Azure AD, or another standards-based identity provider. In either case, you manage and authenticate users where you want and AWS SSO authorizes access to the AWS accounts, cloud applications, and other SAML-based applications that you add to AWS SSO.

Manage access to multiple AWS accounts from one place

With AWS Organizations integration, AWS SSO enables you to manage access across multiple accounts with no additional setup within individual accounts. You can assign user permissions based on common job functions, customize them to meet your specific security requirements, and assign fine-grained permissions within the specific accounts where they need access. AWS SSO also allows you to utilize user attributes, such as cost center, title, or locale, for attribute-based access control (ABAC).

Manage access to your cloud applications

With AWS Single Sign-On, you can easily control who has access to your cloud applications. Your users can utilize their directory credentials to sign in to their AWS SSO web user portal and get one-click access to their assigned applications like Amazon SageMaker Studio, AWS Systems Manager Change Manager, and standards-based cloud applications including Salesforce, Box, and Microsoft 365.

How it works

SSO-diagram

Use Cases

Enable single sign-on access to your AWS accounts

Your users can utilize their directory credentials for single sign-on access to multiple AWS accounts. Their personalized web user portal shows their assigned roles in AWS accounts in one place. Users can also single sign-on via the AWS Command Line Interface (CLI), AWS SDKs, or Mobile Console app using their directory credentials for a consistent authentication experience.

Learn more >>

Enable access to integrated applications

AWS SSO is integrated with applications like Amazon SageMaker Studio, AWS Systems Manager Change Manager, and AWS IoT SiteWise for zero-configuration authentication and authorization. These integrated applications share a consistent view of users and groups for resource sharing and collaboration all within the application.

Learn more >>

Enable single sign-on access to your cloud applications

You can easily configure single sign-on access to applications that support the Security Assertion Markup Language (SAML 2.0) using the AWS SSO application configuration wizard.
AWS SSO also provides preconfigured settings for many cloud applications including Salesforce, Box, and Microsoft 365.

Learn more >>

Invenia_LABS_logo_600x400
Invenia is a cloud-based machine learning platform that uses big, high frequency data to solve complex energy intelligence problems in real-time. As a cloud-based business ourselves, we rely extensively on AWS and a number of SaaS-based applications, but didn't like the security and compliance risks associated with managing end-user credentials to so many independent systems. Deploying AWS SSO allowed us to provide access to those same applications, but using our existing corporate credentials instead, and without any of the hassle of managing a traditional SSO solution - Brilliant!
- Sascha McDonald, Head of Architecture and Operations, Invenia


syncron-logo-600x400
Syncron is a provider of cloud-based after-sales service solutions focused on empowering the world’s leading manufacturers to maximize product uptime and deliver exceptional customer experiences. As a cloud-based business, we're very mindful of the productivity disruptions and security challenges that can arise when users are overloaded with unique credentials. With AWS SSO, we can quickly and easily connect users into AWS using their normal enterprise credentials – allowing us to focus on continuing to deliver exceptional services to our customers instead of managing the lifecycle of users’ credentials in our AWS multi-account structure.
    - Richard Barkestam, CTO, Syncron


The AWS Competency Program is designed to identify, validate, and promote AWS Partner Network (APN) Advanced and Premier Tier Partners with demonstrated AWS technical expertise and proven customer success. To learn more, see the AWS Competency Program.

Okta, Inc.

600x400_Okta_Logo

Okta is the identity company that stands for trust.

Learn more »

OneLogin, Inc.

400x135_AWS_SellerLogo_onelogin

OneLogin is a leading cloud identity management company, enabling enterprises to secure connections across all users and all devices. 

Learn more »

Ping Identity

600x400_Ping

Ping Identity provides secure, seamless access to apps and resources from anywhere and is trusted by over half of the Fortune 100.

Learn more »

Built-in support for AWS accounts and business applications

AWS SSO helps manage access to your AWS accounts and business applications. For a full list of business applications pre-integrated with AWS SSO, see AWS SSO Cloud Applications.

AWS-600x400
600x400_atlassian
600x400_Box_Logo
Dropbox-600x400
Github
GSuite_600x400
O365_600x400
SalesForce
600x400_servicenow
Slack

Blog posts & articles

1

Learn more about AWS Single Sign-On key features

Visit the features page
Ready to get started?
Sign up
Have more questions?
Contact us