Azure AD — AWS SSO Integration
In this post, I will cover the implementation steps to establish the SAML trust between the two platforms ( Azure and AWS). The use case here is to manage the AWS SSO with the External Identity federation through Azure Active Directory i.e the users will be synced with AWS SSO from the Active directory. One can use the other option provided by AWS for the Active Directory Integration like AD connector and AWS Managed Microsoft AD.
Below mentioned blogs should be enough to get started and help you with the configuration of Azure AD integration with AWS SSO.
Note:
1. At both ends, the Saml Metadata File is required which includes the sign-in, sign-on, and issuer URL, to avoid any kind of mismatch of the metadata URL, try downloading and uploading the metadata file at both ends.
2. Attributes and claims are necessary when it comes to user provisioning. You can provision your users manually, automatically ( interval of 40 min ), and on-demand provisioning( instant ) as per your requirements. Please make sure that there should not be any missing attributes in your users' identities. ( check users portal in Azure Active directory), if there are some missing attributes in the user’s identity, then it will throw a schema mismatch error.
See the list of supported attributes below.
3. For management of the permission and access, you need to create the permission sets first in the AWS SSO portal, and then assign it to the particular users or accounts. Permission sets can be created from the predefined access provided by AWS like Administrator access, s3fullacess, or can be created through custom access.
This blog doesn't contain the detailed steps for the integration as the official docs are self-sufficient and correct for the integration. Still, if you face any issues, Feel free to Reach out to me in case of any queries.
Thanks