Configuring AWS SSO (IAM Identity Center)

Configuring AWS SSO

You will need to set up AWS IAM Identity Center (Single Sign-On) in the management account on AWS. It is used to manage workforce user access to multiple AWS accounts and cloud applications.

Follow these steps to get started with AWS and to create AWS Organizations.

Creating an IAM Identity Center (SSO)

  1. Sign in to the AWS Management Console with your AWS account root user credentials.
  2. Navigate to the IAM Identity Center console.
  3. Click Enable on the IAM Identity Center page.

Create a user

Assuming that SSO is enabled for your AWS Organization:

  1. Log in to the AWS console, type IAM Identity Center into the Find Services box and click on IAM Identity Center;
  2. Click on the User option on the left;
  3. Click on Add User;
  4. Enter details in the fields:
    1. Username (enter a valid email address for this user);
    2. Password;
    3. Email address (enter the same email address as in the username field);
    4. Confirm email address;
    5. First name;
    6. Last name; and
    7. Display name.

Create a group

A group collects all users that should have the same set of permissions.

  1. Log in to the AWS console, type IAM Identity Center into the Find Services box and click on IAM Identity Center;
  2. Click on the Group option on the left;
  3. Click on Create Group;
  4. Enter details in the fields:
    1. Group name; and
    2. Description.
  5. Add users to the group by selecting all users that should have the same set of permissions in the list Add users to group.
  6. Click on Create group.

Create Permission Sets

The permission sets define the level of access that users in IAM Identity Center have to their assigned AWS accounts.

  1. Log in to the AWS console, type IAM Identity Center into the Find Services box and click on IAM Identity Center;
  2. Select Permission sets on the left menu;
  3. Select Create permission set;
  4. Permission Type: there are two ways to create the permission set:
    1. Predefined permission set - Create a predefined permission set by choosing an AWS-defined template;
      1. Choose the Policy for the predefined permission set;
      2. Click Next;
      3. Enter the permission set details and click Next;
      4. Review the details and click Save.
    2. Custom permission set - Create a custom permission set by selecting AWS managed policies and creating an inline policy (recommended).
      1. Click Next;
      2. Specify policies and permissions boundary and click Next;
      3. Enter the permission set details and click Next;
      4. Review the details and click Save.
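
Before saving a custom permission set, the inline policy can be checked for statements that grant more than intended. The following is an added example, not part of the original guide or of any AWS tooling: the sample policy, its Sid values and the function names are constructed for illustration.

```python
import json

# Constructed sample inline policy for a hypothetical custom permission set.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadLogs", "Effect": "Allow",
     "Action": ["logs:Get*", "logs:Describe*"], "Resource": "*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "IAM:*", "Resource": "*"},
    {"Sid": "AllButIam", "Effect": "Allow",
     "NotAction": ["iam:*", "organizations:*"], "Resource": "*"},
    {"Sid": "Guardrail", "Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}
"""


def _as_list(value):
    """IAM JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_inline_policy(policy_json):
    """Return (sid, finding) pairs for Allow statements that grant too much."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction in an Allow grants every unlisted action"))
        for action in _as_list(stmt.get("Action")):
            # Action names are case-insensitive, so normalise before matching.
            service, _, name = action.lower().partition(":")
            if action == "*":
                findings.append((sid, "allows all actions in all services"))
            elif name == "*":
                findings.append((sid, f"allows every action in service {service}"))
    return findings


if __name__ == "__main__":
    for sid, finding in lint_inline_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Partial wildcards such as logs:Get* are not flagged; the check targets only full-service and all-service grants and Allow statements that use NotAction.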