AWS Single Sign-On (SSO)

Yogendra H J
Jul 24, 2021


Do you have multiple AWS accounts in your Organization, with multiple applications running that each have to be checked by logging in with different credentials? Do your users not want to remember multiple credentials, are they unhappy about it, and do you need a one-stop solution? If these are your headaches, then go for AWS SSO!

AWS SSO is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to all of your AWS accounts and cloud applications. Specifically, it helps you manage SSO access and user permissions across all your AWS accounts in AWS Organizations.

You can create user identities directly in AWS SSO, or you can bring them from your Microsoft Active Directory or a standards-based identity provider, such as Okta Universal Directory or Azure AD.

It’s easy to get started with AWS SSO. With just a few clicks in the management console, you can connect AWS SSO to your existing identity source and configure permissions that grant users access to their assigned AWS accounts, cloud applications, and other SAML-based applications that you add to AWS SSO.

AWS SSO features

Integration with AWS Organizations

SSO access to your AWS accounts and cloud applications

Create and manage users and groups in AWS SSO

Leverage your existing corporate identities

Compatible with commonly used cloud applications

Easy to set up and monitor usage

Co-exists with existing IAM users, roles, and policies

No-cost identity management

Read in detail here https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html

Understanding key AWS Single Sign-On concepts

User name and email address uniqueness - When working in AWS SSO, users must be uniquely identifiable. AWS SSO implements a user name that is the primary identifier for your users.

Groups - Groups are a logical combination of users that you define. Instead of giving SSO permissions to individual users, you can add the required users to a group and assign the permissions to that group.

User and Group provisioning - You can create users and groups directly in AWS SSO, or work with users and groups you have in Active Directory or an external identity provider. In order for AWS SSO to assign users and groups for permissions in an AWS SSO account, AWS SSO must first be aware of the users and groups.
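The Groups concept above can be checked against an existing setup. The following is an added example, not code from the original post: it takes assignment records shaped like entries returned by the `sso-admin` `ListAccountAssignments` API and flags permissions granted directly to users instead of through a group. The account IDs, ARNs, principal IDs and the group membership map are constructed placeholders, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed sample data (placeholders), shaped like the AccountAssignments
# entries of the sso-admin ListAccountAssignments API.
PS_ADMIN = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-admin"
PS_READ = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-readonly"
ASSIGNMENTS = [
    {"AccountId": "111111111111", "PermissionSetArn": PS_READ,
     "PrincipalType": "GROUP", "PrincipalId": "g-auditors"},
    {"AccountId": "111111111111", "PermissionSetArn": PS_READ,
     "PrincipalType": "USER", "PrincipalId": "u-alice"},
    {"AccountId": "222222222222", "PermissionSetArn": PS_ADMIN,
     "PrincipalType": "USER", "PrincipalId": "u-bob"},
    {"AccountId": "222222222222", "PermissionSetArn": PS_ADMIN,
     "PrincipalType": "GROUP", "PrincipalId": "g-platform"},
]
# Constructed group membership: group id -> set of user ids (assumption:
# gathered separately from the identity source).
GROUP_MEMBERS = {"g-auditors": {"u-alice", "u-carol"}, "g-platform": {"u-dave"}}


def audit_direct_assignments(assignments, group_members):
    """Report every USER-type assignment.

    status is "redundant" when a group the user belongs to already grants the
    same permission set on the same account, otherwise "standalone" (access
    exists only through the direct assignment and should move to a group).
    """
    groups_for = defaultdict(set)  # (account, permission set) -> group ids
    for a in assignments:
        if a["PrincipalType"] == "GROUP":
            groups_for[(a["AccountId"], a["PermissionSetArn"])].add(a["PrincipalId"])
    findings = []
    for a in assignments:
        if a["PrincipalType"] != "USER":
            continue
        key = (a["AccountId"], a["PermissionSetArn"])
        covering = sorted(g for g in groups_for.get(key, set())
                          if a["PrincipalId"] in group_members.get(g, set()))
        findings.append({"account": a["AccountId"], "user": a["PrincipalId"],
                         "permission_set": a["PermissionSetArn"],
                         "status": "redundant" if covering else "standalone",
                         "covered_by": covering})
    return sorted(findings, key=lambda f: (f["account"], f["user"]))


if __name__ == "__main__":
    for finding in audit_direct_assignments(ASSIGNMENTS, GROUP_MEMBERS):
        print(finding)
```

A "redundant" finding can be removed without changing the user's access; a "standalone" finding needs a group assignment in place before the direct one is deleted.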

Look at the demo video on how to set up AWS SSO.

— — — — — — — — — — — — — — — — — — — — — — — —

Follow my page to keep updated with new AWS Services and releases.

@ yogendrahj.medium.com

LEARN and BE CURIOUS!!!!!

Happy Learning,

Yogendra
