Amazon launches cloud SSO service for managing multiple AWS accounts

1 year ago

On Thursday, Amazon Web Services (AWS) announced AWS Single Sign-On (SSO), a new cloud SSO service that will make it easier for users to manage multiple AWS accounts with a single set of credentials.

According to a press release, users will be able to sign in to a central portal using their existing corporate credentials. From there, they can access and manage all of their accounts and applications in one place.

The tool also works with Microsoft Active Directory (AD), so users will be able to authenticate with their AD credentials. Through AD, admins can manage SSO access and permissions for users and groups in their directory as well.

“For instance, you can grant the DevOps AD group access to your production AWS accounts. When you add users to this group, they are granted access to your production AWS accounts automatically. This makes it easy to on-board new users and give existing users SSO access to new accounts and applications quickly,” according to the product site.

AWS SSO will configure and maintain the permissions automatically. Admins will be able to assign specific permissions based on the functions or requirements of a user’s role, and further customize them to fit security or policy requirements, the website noted.

In terms of permissions, one example offered on the website was giving a security team admin access only to AWS accounts that run the security tools, while providing auditor access everywhere else.

The service can also be integrated with other business applications. Through the application configuration wizard in AWS SSO, admins can create Security Assertion Markup Language (SAML) 2.0 integrations so that AWS SSO can be used with any proprietary apps that are SAML-enabled, the release said.

Built-in SAML integrations exist for third-party apps like Salesforce, Box, and Office 365 as well, the release noted.

All SSO activity will be recorded in AWS CloudTrail for compliance and auditing purposes. This includes the time that account access was attempted and the IP address from which the attempt originated.

AWS SSO is available in the firm’s US East (North Virginia) Region, and there is no additional cost associated with the service.

The 3 big takeaways for TechRepublic readers

  1. Amazon has launched AWS Single Sign-On (SSO), an SSO service that will make it easier for users to manage multiple AWS accounts with their corporate credentials.
  2. AWS SSO integrates with Microsoft Active Directory, allowing for further management of account access and permissions through the service.
  3. AWS SSO can be integrated with other SAML-enabled applications, including proprietary apps, Salesforce, Box, and Office 365.

Richard J. Daniels