SSO

Introduction

  • Centrally manage Single Sign-On to access multiple accounts and 3rd party business applications.

  • Integrated with AWS Organizations and on-premises AD

  • Supports SAML 2.0

  • Centralized auditing with CloudTrail

Features

  • Options for Setting up with AD

    • Standalone AWS Managed Microsoft AD

    • AD Connector to on-premise AD

    • AWS Managed Microsoft AD with 2-way forest trust with on-premise AD

  • Regular AssumeRoleWithSAML vs SSO

    • AssumeRoleWithSAML Steps:

      • Client talks to the 3rd-party IdP login portal to get a SAML response.

      • Client sends the SAML response to STS to get credentials.

    • AWS SSO Steps:

      • Client talks to the AWS SSO login portal, which directly talks to an identity store compatible with SAML 2.0 and returns the credentials to the client.

    • Advantages to use AWS SSO:

      • Doesn't need a 3rd-party login portal.

      • Simplifies 2 steps into 1.
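The "send SAML to STS" step of the AssumeRoleWithSAML flow, as an added example that is not part of the original notes: it decodes a constructed SAML response, pulls the AWS Role attribute (role ARN / SAML provider ARN pairs) out of the assertion, and builds the arguments for the STS AssumeRoleWithSAML call. The account id, role names and provider name are placeholders.

```python
"""Step two of AssumeRoleWithSAML: turn the IdP's SAML response into the
STS call. The SAML response below is constructed and minimal; STS, not
this code, verifies the assertion signature against the registered provider."""
import base64
import xml.etree.ElementTree as ET

ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
ATTR_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"

# Constructed response with two Role values; placeholder account/role/provider.
SAMPLE_SAML_RESPONSE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/ExampleIdP</saml:AttributeValue>
        <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/ExampleIdP,arn:aws:iam::123456789012:role/Admin</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""").decode()


def parse_roles(saml_response_b64):
    """Return [(role_arn, provider_arn), ...] from the Role attribute.
    AWS accepts each pair in either order, so normalise on the ARN type."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = []
    for attr in root.iter(ATTR_TAG):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr:
            a, b = [s.strip() for s in value.text.split(",")]
            role, provider = (a, b) if ":role/" in a else (b, a)
            pairs.append((role, provider))
    return pairs


def sts_request(saml_response_b64, role_arn, duration=3600):
    """Build the keyword arguments for sts.assume_role_with_saml().
    Raises if the assertion does not actually grant the requested role."""
    for role, provider in parse_roles(saml_response_b64):
        if role == role_arn:
            return {"RoleArn": role, "PrincipalArn": provider,
                    "SAMLAssertion": saml_response_b64,
                    "DurationSeconds": duration}
    raise ValueError(f"assertion does not grant {role_arn}")
```

With a real IdP response, the returned dict is passed as `boto3.client("sts").assume_role_with_saml(**kwargs)` to obtain temporary credentials.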
