This is the second article in the series on outsourcing your authentication and authorization to AWS IAM Identity Center.
In this article we will configure AWS Managed Microsoft AD as the identity source for AWS IAM Identity Center (successor to AWS Single Sign-On).
Prerequisites
- AWS Managed Microsoft AD; you can follow the previous article in the series to create one
- An AWS Organization should already be set up; it can be done in a few clicks. If any of you want an article on that, feel free to leave a comment
- A basic understanding of what Single Sign-On systems are
I will be using the N. Virginia (us-east-1) region throughout the series. To set up AWS IAM Identity Center with AWS Managed Microsoft AD, follow these steps:
- In your AWS Console, search for Identity and click on IAM Identity Center
- Then click Enable and wait a few seconds
- Now let's configure the previously created Managed AD as our identity provider (IdP). For that, click on Choose your identity source
- Then under Identity Source, open Actions and click on Change identity source
- Then select Active Directory and click Next
- Then under Existing Directories, select the AD we created previously and click Next
- Now review the consequences listed (existing Identity Center users, groups and their assignments are removed when the identity source changes), type ACCEPT in the confirmation box and click Change identity source
- Then wait a few seconds for the changes to be applied; you will be returned to the Settings screen. Now click on Resume Sync
- Now we need to configure the attribute mappings from AD to IAM Identity Center. AWS provides a recommended mapping and we will go with it. At the top of the Settings page, click on Start guided setup
- For now we don't need to modify the attribute mapping; just click Next
- Currently our AD has one user (Admin) and zero groups. We will import the Admin user: search for Admin in the search box, click Add, then select the user and click Next
- Then click on Save configuration
That is it, we have done everything required to set up AWS IAM Identity Center with AWS Managed Microsoft AD.
Optional Step
Customize your access portal URL.
- On your dashboard page, click Customize in the Settings summary
- Then set the access portal URL to your liking and click Save
Let's test our AWS access portal
Access the portal using the URL you just copied and log in using the Active Directory Admin username and password. If everything has been configured correctly you should see a portal without any apps, because we haven't configured any yet.
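The browser login above proves the sign-in path works; the script below is an added example (not from the original article) that checks the same result from the AWS CLI, which is handy in a pipeline or when you want to confirm that only the users you intended were synced from AD. It assumes AWS CLI v2 with credentials for the account, the us-east-1 region used in this series, and the default AD attribute mapping, under which the Identity Center user name is the Windows UPN (so the synced Admin user is expected to appear as something like Admin@your-ad-domain; that form is an assumption, which is why the helper matches either the bare name or the name before the @).

```shell
#!/bin/sh
# Added example (not from the original article): verify from the CLI that the
# Managed AD, the Identity Center instance and the synced AD user are all in place.
# Assumptions: AWS CLI v2 configured with credentials, region us-east-1, default
# AD attribute mapping (userName = Windows UPN, e.g. "Admin@<your AD domain>").
set -eu

# Pure helper: $1 is a whitespace-separated list of user names (as printed by
# `--output text`), $2 is the AD account name we expect. Returns 0 when a name
# equals $2 or starts with "$2@" (UPN form), otherwise 1. Case-insensitive,
# because AD account names are.
user_synced() {
  names=$1
  wanted=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  for n in $names; do
    lower=$(printf '%s' "$n" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
      "$wanted"|"$wanted@"*) return 0 ;;
    esac
  done
  return 1
}

# Live checks against the account. Gated behind AWS_LIVE_CHECK so the helper
# above can be exercised offline without credentials.
live_checks() {
  region=${AWS_REGION:-us-east-1}
  expected_user=${1:-Admin}

  echo "Directory Service directories (expect the Managed AD from article 1, Stage Active):"
  aws ds describe-directories --region "$region" \
    --query 'DirectoryDescriptions[].[DirectoryId,Name,Stage]' --output text

  # There is one Identity Center instance per organization; read its identity store id.
  store_id=$(aws sso-admin list-instances --region "$region" \
    --query 'Instances[0].IdentityStoreId' --output text)
  echo "Identity store: $store_id"

  # Every user currently present in the identity store, i.e. everything synced from AD.
  # Review this list: anything beyond the users you selected in guided setup is a finding.
  names=$(aws identitystore list-users --region "$region" \
    --identity-store-id "$store_id" --query 'Users[].UserName' --output text)
  echo "Synced users: ${names:-<none>}"

  if user_synced "$names" "$expected_user"; then
    echo "OK: $expected_user has been synced from AD"
  else
    echo "MISSING: $expected_user not found; check Resume Sync and the user selection in guided setup" >&2
    return 1
  fi
}

# Run the live checks only when explicitly requested, for example:
#   AWS_LIVE_CHECK=1 sh verify_idc.sh Admin
if [ "${AWS_LIVE_CHECK:-0}" = "1" ]; then
  live_checks "$@"
fi
```

Run it with AWS_LIVE_CHECK=1 and the AD user name as the argument; a non-zero exit means the user you imported never arrived in the identity store, which almost always points at a sync that was not resumed or a user that was not selected in the guided setup. The user list it prints is also worth keeping from the first run, so later syncs that pull in extra accounts stand out.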